Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: von meinem WEB.DE Account werden Spam-Mails verschickt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.01.2012, 16:17   #1
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



hallo,

zum 2. Mal in den letzten 10 Tagen sehe ich in meinem Outbox bei Web.de komische Emails als versendet, die ich aber nicht verschickt habe hä?
Sie sehen so aus (see Screenshot).
Die Email Adressen, an die die Emails (in beiden Fällen) gerichtet sind, kenne ich - es sind Adressen von 2 Anwendungen, die ich seit langem benutze (Comodo und PopPeeper).
Interessant ist dass ich zum Zeitpunkt, als die Email verschickt wurde (am 5.1) mit meinem PC gar nicht online war... wenn das überhaupt mit meinem PC zusammenhängt unentschlossen

weiss jemand etwas darüber?

danke


PS: Sowie ich mich erinnern kann, war ich mit dem Account von Zuhause und von der Arbeit eingeloggt. Wobei ich auch mit anderen Account an beiden PC eingeloggt war, aber Spam-Mails werden nur von diesem verschickt.

Ich bin bereit Eure Anweisungen zu befolgen! Danke
Angehängte Grafiken
Dateityp: png Spam Emails.png (16,3 KB, 346x aufgerufen)

Alt 07.01.2012, 17:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



Wurde das Passwort zu web.de geändert? War es vllt zu einfach gestrickt?

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 01.02.2012, 11:44   #3
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



sorry, erst jetzt war ich wieder heim.

Heim die Ergebnisse von ESET Online Scan:
von Partition C:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0275d386434b3f4a8b79f4447f0ba6fb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-24 02:57:30
# local_time=2012-01-24 03:57:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 75 19437077 44411298 0 0
# compatibility_mode=5893 16776573 100 94 62807252 79805357 0 0
# compatibility_mode=8192 67108863 100 0 313 313 0 0
# scanned=226869
# found=0
# cleaned=0
# scan_time=13766
         
von D:
Code:
ATTFilter
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0275d386434b3f4a8b79f4447f0ba6fb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-24 05:43:04
# local_time=2012-01-24 06:43:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 75 19456084 44426705 0 0
# compatibility_mode=5893 16776573 100 94 62826259 79824364 0 0
# compatibility_mode=8192 67108863 100 0 19320 19320 0 0
# scanned=41458
# found=2
# cleaned=0
# scan_time=8291
D:\Installationen\SkypeLauncher.exe	möglicherweise Variante von Win32/Bifrose.ECDRBXB Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
D:\Installationen\AudioFiles-Converter (MP3-WMA-WAV)\AudioFiles Universal Converter 1.91.exe	Mehrere Bedrohungen (Säubern nicht möglich)	00000000000000000000000000000000	I
         
Beide Dateien wurden auf Virustotal.com zusätzlich getestet und dort wurden Befunde bestätigt.



Ergebnisse von Malwarebytes:
von C:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.24.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jatak81 :: JATAK_81 [Administrator]

24.01.2012 20:04:42
mbam-log-2012-01-24 (20-04-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389595
Laufzeit: 2 Stunde(n), 52 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

von D:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.01.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jatak81 :: JATAK_81 [Administrator]

01.02.2012 11:07:57
mbam-log-2012-02-01 (11-07-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213748
Laufzeit: 54 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         



Zitat:
Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
Hier 2 alte Logs:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6302

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.04.2011 21:22:14
mbam-log-2011-04-07 (21-22-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165890
Laufzeit: 2 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Temp\tmp0000000132065b11eac2d69b (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp00000001391a16854da50208 (Trojan.Dropper) -> Quarantined and deleted successfully.
         
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4757

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.10.2010 21:37:46
mbam-log-2010-10-06 (21-37-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 249642
Laufzeit: 59 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Programme\MIRANDA Messenger\Plugin Backups\autorun.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
         

Danke für die Hilfe
__________________

Alt 01.02.2012, 13:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



Zitat:
D:\Installationen\SkypeLauncher.exe möglicherweise Variante von Win32/Bifrose.ECDRBXB
Aus welcher Quelle ist SkypeLauncher? Ich will das wissen um einschätzen zu können ob das eher ein Fehlalarm ist oder nicht
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.02.2012, 18:36   #5
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



oh waja, das ist ewig her, keine ahnung!
Auf jeden Fall das benutze ich nicht und habe nie benutzt. Also löschen oder?


Alt 02.02.2012, 12:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



Ja dann lösch es einfach
__________________
--> von meinem WEB.DE Account werden Spam-Mails verschickt

Alt 03.02.2012, 13:25   #7
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



ja, und sonst was noch? Es wurden andere Sachen bzw. in früheren Scans gefunden?
Ist das alles ?

Alt 03.02.2012, 13:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.02.2012, 18:10   #9
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



OTL.txt

Code:
ATTFilter
OTL logfile created on: 10.02.2012 15:46:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jatak81\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 50,92% Memory free
7,68 Gb Paging File | 5,76 Gb Available in Paging File | 75,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 190,74 Gb Free Space | 81,90% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 180,68 Gb Free Space | 77,71% Space Free | Partition Type: NTFS
 
Computer Name: JATAK_81 | User Name: Jatak81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 15:38:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jatak81\Desktop\OTL.exe
PRC - [2012.01.16 14:15:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\FIREFOX Browser\firefox.exe
PRC - [2012.01.16 14:15:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programme\FIREFOX Browser\plugin-container.exe
PRC - [2012.01.03 14:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- D:\Programme\ADOBE Reader\Reader\AcroRd32.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.16 21:13:28 | 001,613,824 | ---- | M] (Mortal Universe) -- D:\Programme\POP Peeper\POPPeeper.exe
PRC - [2010.05.20 23:59:32 | 000,305,152 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice\OpenOffice.org 3\program\swriter.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.04 15:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- D:\Programme\DateInTray\DateInTray.exe
PRC - [2009.09.12 15:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 15:30:48 | 005,048,488 | ---- | M] (Acronis) -- D:\Programme\ACRONIS TrueImage Backup Tool\TrueImageMonitor.exe
PRC - [2008.05.21 20:16:42 | 001,077,248 | ---- | M] (Singer's Creations) -- D:\Programme\Weather Watcher\ww.exe
PRC - [2007.09.25 22:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\KMProcess.exe
PRC - [2007.09.17 21:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\KMConfig.exe
PRC - [2007.03.06 13:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.20 20:39:12 | 000,045,568 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
MOD - [2012.01.18 20:11:37 | 000,014,336 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
MOD - [2012.01.16 17:20:39 | 002,529,792 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
MOD - [2012.01.16 17:20:38 | 001,180,160 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
MOD - [2012.01.16 17:20:38 | 000,100,352 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
MOD - [2012.01.16 17:20:37 | 001,311,744 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
MOD - [2012.01.16 17:20:37 | 000,316,416 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
MOD - [2012.01.16 17:20:15 | 009,387,520 | ---- | M] () -- C:\Users\Jatak81\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
MOD - [2012.01.16 14:15:13 | 002,124,760 | ---- | M] () -- D:\Programme\FIREFOX Browser\mozjs.dll
MOD - [2012.01.03 14:10:48 | 000,056,832 | ---- | M] () -- D:\Programme\ADOBE Reader\Reader\Locale\de_DE\BRdlang32.DEU
MOD - [2012.01.03 14:10:44 | 000,249,232 | ---- | M] () -- D:\Programme\ADOBE Reader\Reader\sqlite.dll
MOD - [2011.11.17 00:12:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.01.12 18:10:21 | 000,166,400 | ---- | M] () -- D:\Programme\OpenOffice\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- D:\Programme\OpenOffice\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.08.05 21:53:32 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseHook.dll
MOD - [2007.08.05 20:31:02 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\keydll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.14 19:46:31 | 001,355,968 | ---- | M] (Lavasoft) [Disabled | Stopped] -- D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.01.17 22:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.06.29 15:46:44 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.09.12 15:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 15:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.04.13 20:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programme\NERO Burning\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2003.02.04 07:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ScsiAccess.EXE -- (ScsiAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.06.29 19:45:41 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.06.29 15:46:46 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.29 15:46:41 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010.06.29 15:46:39 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.06.29 15:46:33 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.06.09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.08.27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.30 20:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 06:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 21:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: D:\Programme\VLC MediaPlayer\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: D:\Programme\VLC MediaPlayer\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\ADOBE Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: D:\Programme\OpenOffice\OpenOffice.org 3\program [2011.01.12 18:09:59 | 000,000,000 | ---D | M]
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\WebRep\FF [2011.12.29 21:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Programme\FIREFOX Browser\components [2012.01.16 14:15:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Programme\FIREFOX Browser\plugins [2012.01.14 21:35:45 | 000,000,000 | ---D | M]
 
[2010.01.19 20:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Extensions
[2011.12.28 19:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions
[2011.11.25 19:48:20 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.25 19:48:20 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.25 19:48:23 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.12.09 21:11:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.28 19:00:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.26 18:36:26 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.25 19:48:20 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\custombuttons@xsms.org
[2011.11.25 19:48:19 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\CustomButtons2@cbtnext.org
[2011.11.16 20:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.16 20:53:33 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.16 20:53:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.16 20:53:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.11.16 20:53:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\custombuttons@xsms.org
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\CustomButtons2@cbtnext.org
[2011.11.24 17:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions
[2011.11.24 17:16:06 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.24 17:16:06 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.24 17:16:09 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.24 17:16:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.24 17:16:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.24 17:16:05 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\custombuttons@xsms.org
[2011.11.24 17:16:05 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\CustomButtons2@cbtnext.org
[2011.11.25 19:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions
[2011.11.25 19:44:30 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.25 19:44:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.25 19:44:32 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.25 19:44:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:44:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 19:44:30 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\custombuttons@xsms.org
[2011.11.25 19:44:29 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\CustomButtons2@cbtnext.org
[2011.08.23 20:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\0s4fkwt4.default (0)\extensions
[2011.07.19 15:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\0s4fkwt4.default (0)\extensions\trash
[2011.07.13 00:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.07.13 00:01:46 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.07.13 00:33:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.13 00:01:47 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.07.13 00:01:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\custombuttons@xsms.org
[2011.07.13 00:01:44 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\CustomButtons2@cbtnext.org
[2011.11.25 19:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions
[2011.11.04 18:52:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:07:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 19:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions
[2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.25 19:00:04 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.25 19:00:04 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.25 19:00:07 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.25 19:00:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:00:08 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.11.25 19:00:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 19:00:10 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\custombuttons@xsms.org
[2011.11.25 19:00:02 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\CustomButtons2@cbtnext.org
[2011.01.31 22:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\cbfyyiyv.Profil wegen RTF+DOC\extensions
[2011.07.12 23:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.04.04 08:51:23 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010.04.13 19:20:19 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.13 19:20:19 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.04.08 14:08:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.11 22:34:03 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.06.23 10:44:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.23 10:43:13 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\custombuttons@xsms.org
[2010.04.13 19:20:22 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\CustomButtons2@cbtnext.org
[2010.01.19 20:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Kopie\extensions
[2010.03.18 19:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.03.18 19:57:35 | 000,000,000 | ---D | M] (Googlebar Lite) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
[2010.03.18 19:57:35 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2010.03.18 19:57:35 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.03.18 19:57:36 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2010.03.18 19:57:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.18 19:57:30 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\cache@status.org
[2010.03.18 19:57:32 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\CustomButtons2@cbtnext.org
[2010.03.18 19:57:32 | 000,000,000 | ---D | M] ("Searchbar Autocomplete Order") -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\searchbarAutocompleteOrder@alice
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\SQLiteManager@mrinalkant.blogspot.com
[2011.11.25 18:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions
[2011.11.24 17:07:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 18:58:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.16 21:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.11.16 21:14:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.16 21:14:30 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.16 21:14:31 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.16 21:14:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.16 21:14:32 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.11.16 21:44:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\custombuttons@xsms.org
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\CustomButtons2@cbtnext.org
[2011.01.31 21:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\qcy11sxi.Ganz-ganz_NEU\extensions
[2010.03.01 16:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rm5kexch.Ganz_NEU\extensions
[2012.01.16 14:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions
[2011.08.23 20:45:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.16 14:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions\staged
[2011.12.02 21:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions
[2011.11.25 19:17:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:17:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 15:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________ - Kopie\extensions
[2011.11.25 19:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\zoen1t1f.Standard-Benutzer\extensions
[2011.11.25 19:31:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\zoen1t1f.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KMConfig] "C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\ACRONIS TrueImage Backup Tool\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tuloxFreeWBF]  File not found
O4 - HKCU..\Run: [DateInTray] D:\Programme\DateInTray\DateInTray.exe (CrispyBytes Software)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [WeatherWatcher] D:\Programme\Weather Watcher\ww.exe (Singer's Creations)
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Users\Jatak81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POP Peeper.lnk = D:\Programme\POP Peeper\POPPeeper.exe (Mortal Universe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = Reg Error: Unknown registry data type File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab (CUpdateAdvisorCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18837B9E-14C3-4626-ABAA-05812D25A579}: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18837B9E-14C3-4626-ABAA-05812D25A579}: NameServer = 192.168.1.1,195.50.140.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Jatak81^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\PROGRA~2\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE - (TOSHIBA Europe)
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\ADOBE Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CheckPoint Cleanup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosWaitSrv - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - D:\Programme\WinAmp\winampa.exe ()
MsConfig:64bit - StartUpReg: ZoneAlarm Client - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: vsmon - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 15:38:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jatak81\Desktop\OTL.exe
[2012.01.24 12:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 15:47:39 | 000,095,203 | ---- | M] () -- C:\Users\Jatak81\Desktop\HARRIS--How You Sound.pdf
[2012.02.10 15:42:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 15:38:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jatak81\Desktop\OTL.exe
[2012.02.10 14:51:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.10 09:53:34 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 09:53:34 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 09:44:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 09:44:55 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.08 19:59:48 | 002,161,367 | ---- | M] () -- C:\Users\Jatak81\Desktop\Bewerbung Krastev.zip
[2012.02.03 22:34:18 | 000,104,626 | ---- | M] () -- C:\Users\Jatak81\Desktop\runner-up_essay_choi10.pdf
[2012.01.24 19:07:17 | 000,067,827 | ---- | M] () -- C:\Users\Jatak81\Desktop\Immatrikulation(2).pdf
[2012.01.16 18:54:46 | 001,491,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.16 18:54:46 | 000,658,478 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.16 18:54:46 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.16 18:54:46 | 000,130,950 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.16 18:54:46 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.10 15:47:39 | 000,095,203 | ---- | C] () -- C:\Users\Jatak81\Desktop\HARRIS--How You Sound.pdf
[2012.02.03 22:34:18 | 000,104,626 | ---- | C] () -- C:\Users\Jatak81\Desktop\runner-up_essay_choi10.pdf
[2012.01.24 19:07:17 | 000,067,827 | ---- | C] () -- C:\Users\Jatak81\Desktop\Immatrikulation(2).pdf
[2012.01.16 16:09:13 | 000,001,155 | ---- | C] () -- C:\Users\Jatak81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype - Verknüpfung.lnk
[2011.12.16 22:47:01 | 006,050,070 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\census.cache
[2011.12.16 22:46:25 | 000,125,538 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\ars.cache
[2011.12.16 22:33:30 | 000,000,036 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\housecall.guid.cache
[2011.11.19 13:50:17 | 000,003,584 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.03 16:23:16 | 000,000,001 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\llftool.4.05.agreement
[2011.05.17 21:27:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.15 23:14:41 | 000,007,668 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\resmon.resmoncfg
[2010.08.31 12:32:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.07.25 20:06:21 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010.07.14 19:22:32 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2010.05.27 16:55:41 | 000,024,575 | ---- | C] () -- C:\Windows\SysWow64\Usengwinsyspios.dll
[2010.05.27 15:20:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2009.08.27 08:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.27 08:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.27 08:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.27 08:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2009.01.05 13:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003.02.04 07:22:30 | 000,181,312 | ---- | C] () -- C:\Windows\SysWow64\ScsiAccess.EXE
[2000.09.08 14:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\SysWow64\KodakOneTouch.dll
 
========== LOP Check ==========
 
[2010.09.27 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Acronis
[2011.12.22 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ashampoo
[2010.05.07 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ectaco
[2011.09.10 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\FreeAudioPack
[2010.01.27 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\LingvoSoft
[2010.01.27 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\OpenOffice.org
[2011.11.26 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\QuickScan
[2010.01.19 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Toshiba
[2011.06.29 10:00:45 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.11.18 13:27:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.27 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Acronis
[2011.10.24 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Adobe
[2010.07.27 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ahead
[2011.12.22 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ashampoo
[2011.10.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\dvdcss
[2010.05.07 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ectaco
[2011.09.10 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\FreeAudioPack
[2010.01.20 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Google
[2010.01.19 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Identities
[2010.01.27 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\LingvoSoft
[2009.09.08 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Macromedia
[2010.10.06 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Media Center Programs
[2011.10.24 19:26:08 | 000,000,000 | --SD | M] -- C:\Users\Jatak81\AppData\Roaming\Microsoft
[2011.08.23 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Mozilla
[2010.01.27 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\OpenOffice.org
[2011.11.26 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\QuickScan
[2012.02.10 15:46:07 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Skype
[2011.11.10 20:14:35 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Skype - Kopie
[2010.01.19 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Toshiba
[2011.08.12 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2009.08.05 17:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Jatak81\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B755D674

< End of report >
         

Alt 10.02.2012, 18:12   #10
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



... und Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 10.02.2012 15:46:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jatak81\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 50,92% Memory free
7,68 Gb Paging File | 5,76 Gb Available in Paging File | 75,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 190,74 Gb Free Space | 81,90% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 180,68 Gb Free Space | 77,71% Space Free | Partition Type: NTFS
 
Computer Name: JATAK_81 | User Name: Jatak81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\FIREFOX Browser\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Programme\CEWE-Fotobuch\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\CEWE-Fotobuch\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- Reg Error: Key error.
batfile [print] -- Reg Error: Key error.
chm.file [open] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- Reg Error: Key error.
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- Reg Error: Key error.
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- Reg Error: Key error.
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- Reg Error: Key error.
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- Reg Error: Key error.
regfile [edit] -- Reg Error: Key error.
regfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [open] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [open] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.
Applications\iexplore.exe [open] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2104078-AAA5-449E-95DD-55C9443A1031}" = Nero 7 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C82185E8-C27B-4EF4-2010-2222BC2C2B6D}" = Microsoft MapPoint Europa 2010
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.2 (Evaluation)
"DateInTray" = DateInTray 1.6
"ESET Online Scanner" = ESET Online Scanner v3
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"Gaberoff Koral Free German Dictionary 1.0" = Gaberoff Koral Free German Dictionary 1.0
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 4.05
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IconCool Editor v4.0" = IconCool Editor v4.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LingvoSoft Dictionary German-Russian for Windows" = LingvoSoft Dictionary German-Russian for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Miranda IM" = Miranda IM 0.9.29
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"POP Peeper" = POP Peeper
"ReOrganize_is1" = ReOrganize!
"Revo Uninstaller" = Revo Uninstaller 1.91
"StrongDC++" = StrongDC++ 2.41
"The Treasures Of Montezuma" = The Treasures Of Montezuma
"The Treasures Of Montezuma 2" = The Treasures Of Montezuma 2
"tulox Freeware-Wörterbuch (Französisch)" = tulox Freeware-Wörterbuch (Französisch)
"VLC media player" = VLC media player 1.1.4
"Weather Watcher_is1" = Weather Watcher
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2011 12:23:33 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 15.12.2011 06:13:51 | Computer Name = Jatak_81 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7b325  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004b18f
ID
 des fehlerhaften Prozesses: 0xf84  Startzeit der fehlerhaften Anwendung: 0x01ccbb123c95ffec
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7c018923-2705-11e1-bb57-002622f08946
 
Error - 15.12.2011 06:41:23 | Computer Name = Jatak_81 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7b325  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000053bca
ID
 des fehlerhaften Prozesses: 0x404  Startzeit der fehlerhaften Anwendung: 0x01ccbb161552062e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 54c165f1-2709-11e1-bb57-002622f08946
 
Error - 17.12.2011 12:37:53 | Computer Name = Jatak_81 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7b325  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000053bca
ID
 des fehlerhaften Prozesses: 0xf28  Startzeit der fehlerhaften Anwendung: 0x01ccbcda36f55339
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 76aedc72-28cd-11e1-bb30-002622f08946
 
Error - 24.12.2011 09:54:15 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1076) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 24.12.2011 09:54:16 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 26.12.2011 10:21:06 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1100) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 26.12.2011 10:21:06 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 26.12.2011 10:21:19 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1100) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 26.12.2011 10:21:19 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
[ System Events ]
Error - 24.12.2011 09:57:22 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "avast! Antivirus" wurde nicht richtig gestartet.
 
Error - 24.12.2011 10:08:59 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 26.12.2011 10:30:27 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%-2147023436
 
Error - 29.12.2011 16:55:46 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 ConfigFree Service erreicht.
 
Error - 29.12.2011 16:55:46 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ConfigFree Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 30.12.2011 11:08:25 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%-2147023436
 
Error - 02.01.2012 17:22:37 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 03.01.2012 06:25:24 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "avast! Antivirus" wurde nicht richtig gestartet.
 
Error - 03.01.2012 06:46:44 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Stromversorgung" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 07.01.2012 10:38:51 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
 
< End of report >
         

Alt 10.02.2012, 19:48   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



Ich musste in der Zwischenzeit meinen OTL-Baustein updaten...sry geht um den Haken bei Scanne alle Benutzer

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.02.2012, 15:11   #12
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



otl.txt

Code:
ATTFilter
OTL logfile created on: 14.02.2012 14:49:24 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\OTL
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,66% Memory free
7,68 Gb Paging File | 6,10 Gb Available in Paging File | 79,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 190,22 Gb Free Space | 81,68% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 180,71 Gb Free Space | 77,73% Space Free | Partition Type: NTFS
 
Computer Name: JATAK_81 | User Name: Jatak81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 15:38:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\OTL\OTL.exe
PRC - [2012.01.16 14:15:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\FIREFOX Browser\firefox.exe
PRC - [2012.01.16 14:15:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programme\FIREFOX Browser\plugin-container.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.16 21:13:28 | 001,613,824 | ---- | M] (Mortal Universe) -- D:\Programme\POP Peeper\POPPeeper.exe
PRC - [2010.12.20 19:31:26 | 002,790,728 | ---- | M] (COMODO) -- D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cfpupdat.exe
PRC - [2010.03.04 15:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- D:\Programme\DateInTray\DateInTray.exe
PRC - [2009.09.12 15:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 15:30:48 | 005,048,488 | ---- | M] (Acronis) -- D:\Programme\ACRONIS TrueImage Backup Tool\TrueImageMonitor.exe
PRC - [2008.05.21 20:16:42 | 001,077,248 | ---- | M] (Singer's Creations) -- D:\Programme\Weather Watcher\ww.exe
PRC - [2007.09.25 22:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\KMProcess.exe
PRC - [2007.09.17 21:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\KMConfig.exe
PRC - [2007.03.06 13:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.16 14:15:13 | 002,124,760 | ---- | M] () -- D:\Programme\FIREFOX Browser\mozjs.dll
MOD - [2011.11.17 00:12:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007.08.05 21:53:32 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseHook.dll
MOD - [2007.08.05 20:31:02 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\keydll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.14 19:46:31 | 001,355,968 | ---- | M] (Lavasoft) [Disabled | Stopped] -- D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.01.17 22:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.06.29 15:46:44 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.09.12 15:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 15:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.04.13 20:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programme\NERO Burning\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2003.02.04 07:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ScsiAccess.EXE -- (ScsiAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.06.29 19:45:41 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.06.29 15:46:46 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.29 15:46:41 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010.06.29 15:46:39 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.06.29 15:46:33 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.06.09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.08.27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.30 20:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 06:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 21:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: D:\Programme\VLC MediaPlayer\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: D:\Programme\VLC MediaPlayer\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\ADOBE Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: D:\Programme\OpenOffice\OpenOffice.org 3\program [2011.01.12 18:09:59 | 000,000,000 | ---D | M]
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\WebRep\FF [2011.12.29 21:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Programme\FIREFOX Browser\components [2012.01.16 14:15:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Programme\FIREFOX Browser\plugins [2012.01.14 21:35:45 | 000,000,000 | ---D | M]
 
[2010.01.19 20:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Extensions
[2011.12.28 19:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions
[2011.11.25 19:48:20 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.25 19:48:20 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.25 19:48:23 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.12.09 21:11:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.28 19:00:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.26 18:36:26 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.25 19:48:20 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\custombuttons@xsms.org
[2011.11.25 19:48:19 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\CustomButtons2@cbtnext.org
[2011.11.16 20:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.16 20:53:30 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.16 20:53:33 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.16 20:53:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.16 20:53:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.11.16 20:53:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\custombuttons@xsms.org
[2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\CustomButtons2@cbtnext.org
[2011.11.24 17:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions
[2011.11.24 17:16:06 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.24 17:16:06 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.24 17:16:09 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.24 17:16:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.24 17:16:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.24 17:16:05 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\custombuttons@xsms.org
[2011.11.24 17:16:05 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\CustomButtons2@cbtnext.org
[2011.11.25 19:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions
[2011.11.25 19:44:30 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.25 19:44:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.25 19:44:32 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.25 19:44:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:44:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 19:44:30 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\custombuttons@xsms.org
[2011.11.25 19:44:29 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\CustomButtons2@cbtnext.org
[2011.08.23 20:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\0s4fkwt4.default (0)\extensions
[2011.07.19 15:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\0s4fkwt4.default (0)\extensions\trash
[2011.07.13 00:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.07.13 00:01:46 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.07.13 00:33:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.13 00:01:47 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.07.13 00:01:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\custombuttons@xsms.org
[2011.07.13 00:01:44 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\CustomButtons2@cbtnext.org
[2011.11.25 19:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions
[2011.11.04 18:52:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:07:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 19:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions
[2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.25 19:00:04 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.25 19:00:04 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.25 19:00:07 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.25 19:00:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:00:08 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.11.25 19:00:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 19:00:10 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\custombuttons@xsms.org
[2011.11.25 19:00:02 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\CustomButtons2@cbtnext.org
[2011.01.31 22:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\cbfyyiyv.Profil wegen RTF+DOC\extensions
[2011.07.12 23:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.04.04 08:51:23 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010.04.13 19:20:19 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2010.04.13 19:20:24 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.13 19:20:19 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.04.08 14:08:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.11 22:34:03 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.06.23 10:44:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.23 10:43:13 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\custombuttons@xsms.org
[2010.04.13 19:20:22 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\CustomButtons2@cbtnext.org
[2010.01.19 20:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Kopie\extensions
[2010.03.18 19:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.03.18 19:57:35 | 000,000,000 | ---D | M] (Googlebar Lite) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
[2010.03.18 19:57:35 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2010.03.18 19:57:35 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.03.18 19:57:36 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2010.03.18 19:57:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.18 19:57:30 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\cache@status.org
[2010.03.18 19:57:32 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\CustomButtons2@cbtnext.org
[2010.03.18 19:57:32 | 000,000,000 | ---D | M] ("Searchbar Autocomplete Order") -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\searchbarAutocompleteOrder@alice
[2010.03.18 19:57:34 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\SQLiteManager@mrinalkant.blogspot.com
[2011.11.25 18:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions
[2011.11.24 17:07:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 18:58:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.16 21:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.11.16 21:14:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612}
[2011.11.16 21:14:30 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.16 21:14:31 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}
[2011.11.16 21:14:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.16 21:14:32 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.11.16 21:44:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\custombuttons@xsms.org
[2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Custom Buttons&#178;) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\CustomButtons2@cbtnext.org
[2011.01.31 21:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\qcy11sxi.Ganz-ganz_NEU\extensions
[2010.03.01 16:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rm5kexch.Ganz_NEU\extensions
[2012.01.16 14:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions
[2011.08.23 20:45:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.16 14:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions\staged
[2011.12.02 21:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions
[2011.11.25 19:17:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.25 19:17:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 15:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________ - Kopie\extensions
[2011.11.25 19:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\zoen1t1f.Standard-Benutzer\extensions
[2011.11.25 19:31:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\zoen1t1f.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KMConfig] "C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\ACRONIS TrueImage Backup Tool\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tuloxFreeWBF]  File not found
O4 - HKCU..\Run: [DateInTray] D:\Programme\DateInTray\DateInTray.exe (CrispyBytes Software)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [WeatherWatcher] D:\Programme\Weather Watcher\ww.exe (Singer's Creations)
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Users\Jatak81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POP Peeper.lnk = D:\Programme\POP Peeper\POPPeeper.exe (Mortal Universe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = Reg Error: Unknown registry data type File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab (CUpdateAdvisorCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18837B9E-14C3-4626-ABAA-05812D25A579}: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18837B9E-14C3-4626-ABAA-05812D25A579}: NameServer = 192.168.1.1,195.50.140.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Jatak81^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\PROGRA~2\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE - (TOSHIBA Europe)
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\ADOBE Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CheckPoint Cleanup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosWaitSrv - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - D:\Programme\WinAmp\winampa.exe ()
MsConfig:64bit - StartUpReg: ZoneAlarm Client - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: vsmon - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.24 12:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 14:46:50 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 14:46:50 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 14:42:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.14 14:42:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.14 14:38:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 14:38:20 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.11 21:46:26 | 000,076,511 | ---- | M] () -- C:\Users\Jatak81\Desktop\morrison_critical_insights.pdf
[2012.02.10 15:47:39 | 000,095,203 | ---- | M] () -- C:\Users\Jatak81\Desktop\HARRIS--How You Sound.pdf
[2012.02.08 19:59:48 | 002,161,367 | ---- | M] () -- C:\Users\Jatak81\Desktop\Bewerbung Krastev.zip
[2012.02.03 22:34:18 | 000,104,626 | ---- | M] () -- C:\Users\Jatak81\Desktop\runner-up_essay_choi10.pdf
[2012.01.24 19:07:17 | 000,067,827 | ---- | M] () -- C:\Users\Jatak81\Desktop\Immatrikulation(2).pdf
[2012.01.16 18:54:46 | 001,491,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.16 18:54:46 | 000,658,478 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.16 18:54:46 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.16 18:54:46 | 000,130,950 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.16 18:54:46 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 21:46:26 | 000,076,511 | ---- | C] () -- C:\Users\Jatak81\Desktop\morrison_critical_insights.pdf
[2012.02.10 15:47:39 | 000,095,203 | ---- | C] () -- C:\Users\Jatak81\Desktop\HARRIS--How You Sound.pdf
[2012.02.03 22:34:18 | 000,104,626 | ---- | C] () -- C:\Users\Jatak81\Desktop\runner-up_essay_choi10.pdf
[2012.01.24 19:07:17 | 000,067,827 | ---- | C] () -- C:\Users\Jatak81\Desktop\Immatrikulation(2).pdf
[2012.01.16 16:09:13 | 000,001,155 | ---- | C] () -- C:\Users\Jatak81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype - Verknüpfung.lnk
[2011.12.16 22:47:01 | 006,050,070 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\census.cache
[2011.12.16 22:46:25 | 000,125,538 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\ars.cache
[2011.12.16 22:33:30 | 000,000,036 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\housecall.guid.cache
[2011.11.19 13:50:17 | 000,003,584 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.03 16:23:16 | 000,000,001 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\llftool.4.05.agreement
[2011.05.17 21:27:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.15 23:14:41 | 000,007,668 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\resmon.resmoncfg
[2010.08.31 12:32:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.07.25 20:06:21 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010.07.14 19:22:32 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2010.05.27 16:55:41 | 000,024,575 | ---- | C] () -- C:\Windows\SysWow64\Usengwinsyspios.dll
[2010.05.27 15:20:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2009.08.27 08:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.27 08:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.27 08:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.27 08:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2009.01.05 13:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003.02.04 07:22:30 | 000,181,312 | ---- | C] () -- C:\Windows\SysWow64\ScsiAccess.EXE
[2000.09.08 14:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\SysWow64\KodakOneTouch.dll
 
========== LOP Check ==========
 
[2010.09.27 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Acronis
[2011.12.22 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ashampoo
[2010.05.07 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ectaco
[2011.09.10 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\FreeAudioPack
[2010.01.27 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\LingvoSoft
[2010.01.27 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\OpenOffice.org
[2011.11.26 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\QuickScan
[2010.01.19 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Toshiba
[2011.06.29 10:00:45 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.11.18 13:27:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.27 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Acronis
[2011.10.24 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Adobe
[2010.07.27 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ahead
[2011.12.22 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ashampoo
[2011.10.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\dvdcss
[2010.05.07 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ectaco
[2011.09.10 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\FreeAudioPack
[2010.01.20 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Google
[2010.01.19 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Identities
[2010.01.27 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\LingvoSoft
[2009.09.08 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Macromedia
[2010.10.06 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Media Center Programs
[2011.10.24 19:26:08 | 000,000,000 | --SD | M] -- C:\Users\Jatak81\AppData\Roaming\Microsoft
[2011.08.23 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Mozilla
[2010.01.27 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\OpenOffice.org
[2011.11.26 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\QuickScan
[2012.02.14 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Skype
[2011.11.10 20:14:35 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Skype - Kopie
[2010.01.19 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Toshiba
[2011.08.12 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2009.08.05 17:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Jatak81\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B755D674

< End of report >
         

Alt 14.02.2012, 15:13   #13
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 14.02.2012 14:49:24 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\OTL
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,66% Memory free
7,68 Gb Paging File | 6,10 Gb Available in Paging File | 79,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 190,22 Gb Free Space | 81,68% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 180,71 Gb Free Space | 77,73% Space Free | Partition Type: NTFS
 
Computer Name: JATAK_81 | User Name: Jatak81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\FIREFOX Browser\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Programme\CEWE-Fotobuch\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\CEWE-Fotobuch\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- Reg Error: Key error.
batfile [print] -- Reg Error: Key error.
chm.file [open] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- Reg Error: Key error.
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- Reg Error: Key error.
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- Reg Error: Key error.
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- Reg Error: Key error.
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- Reg Error: Key error.
regfile [edit] -- Reg Error: Key error.
regfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [open] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [open] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.
Applications\iexplore.exe [open] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2104078-AAA5-449E-95DD-55C9443A1031}" = Nero 7 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C82185E8-C27B-4EF4-2010-2222BC2C2B6D}" = Microsoft MapPoint Europa 2010
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.2 (Evaluation)
"DateInTray" = DateInTray 1.6
"ESET Online Scanner" = ESET Online Scanner v3
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"Gaberoff Koral Free German Dictionary 1.0" = Gaberoff Koral Free German Dictionary 1.0
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 4.05
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IconCool Editor v4.0" = IconCool Editor v4.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LingvoSoft Dictionary German-Russian for Windows" = LingvoSoft Dictionary German-Russian for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Miranda IM" = Miranda IM 0.9.29
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"POP Peeper" = POP Peeper
"ReOrganize_is1" = ReOrganize!
"Revo Uninstaller" = Revo Uninstaller 1.91
"StrongDC++" = StrongDC++ 2.41
"The Treasures Of Montezuma" = The Treasures Of Montezuma
"The Treasures Of Montezuma 2" = The Treasures Of Montezuma 2
"tulox Freeware-Wörterbuch (Französisch)" = tulox Freeware-Wörterbuch (Französisch)
"VLC media player" = VLC media player 1.1.4
"Weather Watcher_is1" = Weather Watcher
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2011 10:21:06 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1100) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 26.12.2011 10:21:06 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 26.12.2011 10:21:19 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1100) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 26.12.2011 10:21:19 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 29.12.2011 16:50:39 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 29.12.2011 16:50:39 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 30.12.2011 11:05:48 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 30.12.2011 11:05:48 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
Error - 30.12.2011 11:06:02 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 30.12.2011 11:06:02 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -1032.
 
[ System Events ]
Error - 12.02.2012 11:58:55 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:58:56 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:59:11 | Computer Name = Jatak_81 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.02.2012 11:59:11 | Computer Name = Jatak_81 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.02.2012 11:59:13 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:59:13 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:59:13 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:59:13 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:59:13 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2012 11:59:13 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

Alt 14.02.2012, 16:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



Zitat:
Scan Mode: Current user
Du hast den Haken vergessen! Bei Scanne alle Benutzer!
GENAU DAS wurde aktualisiert in meinem Baustein!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.02.2012, 15:01   #15
cska133
 
von meinem WEB.DE Account werden Spam-Mails verschickt - Standard

von meinem WEB.DE Account werden Spam-Mails verschickt



achso, das mit dem Baustein habe ich nicht verstanden. Ich dachte den Code den ich einfüge stellt das Programm für den Scan ein.
Also bei Scanne alle Benutzer muss ich Haken setzen, damit alle berücksichtigt werden ja?

Muss ich andere Einstellungen ändern? Datei-Alter, LOP Prüfung, Purity Prüfung.... ?

Antwort

Themen zu von meinem WEB.DE Account werden Spam-Mails verschickt
account, adresse, adressen, andere, anderen, anwendungen, arbeit, bereit, comodo, emails, hängt, komische, online, punkt, screenshot, spam-mails, tagen, verschickt, versendet, web.de, überhaupt, zuhause



Ähnliche Themen: von meinem WEB.DE Account werden Spam-Mails verschickt


  1. Von Strato E-Mail-Account werden ungewollt Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 01.10.2015 (28)
  2. Spam Mails werden von meinem Mailacount verschickt
    Plagegeister aller Art und deren Bekämpfung - 18.09.2015 (15)
  3. Windows 7, von meinem Yahoo Account werden scheinbar Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 13.11.2014 (11)
  4. Nachricht der Telekom, dass von meinem Anschluss Spam-mails verschickt werden
    Plagegeister aller Art und deren Bekämpfung - 06.10.2014 (17)
  5. Windows 7: Spam-Mails von meinem Yahoo Account verschickt
    Log-Analyse und Auswertung - 28.04.2014 (7)
  6. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  7. Unauthorisierte Mails von meinem Account werden verschickt
    Mülltonne - 13.04.2014 (1)
  8. Spam Mails werden von yahoo account verschickt - auch nach Passwortänderung
    Plagegeister aller Art und deren Bekämpfung - 05.04.2014 (14)
  9. GMX Account verschickt Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 09.02.2014 (11)
  10. Mail-Account verschickt regelmäßig automatisch Spam-Mails aus meinem Postkorb
    Log-Analyse und Auswertung - 13.08.2012 (34)
  11. GMX Account verschickt Spam-Mails
    Überwachung, Datenschutz und Spam - 10.08.2012 (102)
  12. Trojaner verschickt Spam-Mails aus meinem yahoo-Account
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (3)
  13. Spam E-Mails werden automatisch über GMX-Account verschickt
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  14. Über meinen GMX Account werden Spam E-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 08.05.2012 (1)
  15. unbekannte Mails werden von meinem web.de account verschickt
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (40)
  16. Spam-Mails mit meinem E-Mail-Account verschickt.
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (17)
  17. Spam Mails werden automatisch vom Yahoo Account verschickt
    Log-Analyse und Auswertung - 28.08.2011 (2)

Zum Thema von meinem WEB.DE Account werden Spam-Mails verschickt - hallo, zum 2. Mal in den letzten 10 Tagen sehe ich in meinem Outbox bei Web.de komische Emails als versendet, die ich aber nicht verschickt habe hä? Sie sehen so - von meinem WEB.DE Account werden Spam-Mails verschickt...
Archiv
Du betrachtest: von meinem WEB.DE Account werden Spam-Mails verschickt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.