Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne

Mülltonne: (2x) Verschlüsselungstrojaner

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 16.06.2012, 10:50   #1
Cerox
 
(2x) Verschlüsselungstrojaner - Standard

(2x) Verschlüsselungstrojaner



Guten Tag.

Ich habe mir vor 2 Tagen einen sogenannten Bundespolizei Trojaner eingefangen. Zu diesem Zeitpunkt war ich nur auf der Seite "www.mobafire.com"

Seit heute morgen, komme ich nun wieder in den normalen Windowsmodus. Ich weiß, aber nicht wieso!

Avira hatte auch sofort 2 Malware Funde und hat diese auch gelöscht. Danach habe ich diese Dateien erstellt.

defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:58 on 16/06/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
         
OTL:
Code:
ATTFilter
OTL logfile created on: 16.06.2012 11:26:05 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\arnold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 62,90% Memory free
6,20 Gb Paging File | 5,09 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 24,63 Gb Free Space | 16,54% Space Free | Partition Type: NTFS
Drive F: | 7,47 Gb Total Space | 5,46 Gb Free Space | 73,07% Space Free | Partition Type: FAT32
 
Computer Name: ARNOLD-PC | User Name: arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.16 10:56:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\arnold\Desktop\OTL.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\arnold\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 13:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.12.14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.12.14 13:21:56 | 000,123,712 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\DiskDoctor.exe
PRC - [2011.07.22 13:07:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010.09.24 15:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.06.24 10:41:36 | 000,057,344 | ---- | M] (Cepstral, LLC) -- C:\Programme\Cepstral\bin\CepstralLicSrv.exe
PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 10:52:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.16 10:52:11 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.17 19:20:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.17 15:59:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.17 15:54:14 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.17 15:53:52 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.12.27 04:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.12.12 20:25:42 | 013,420,352 | ---- | M] () -- C:\Programme\TuneUp Utilities 2012\libcef.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.01.22 15:45:30 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:29 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:29 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3019.37109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:29 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:29 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:29 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:28 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:21 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:21 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:20 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:20 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:20 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:19 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3019.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:19 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.01.22 15:45:19 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.01.22 15:45:19 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.01.22 15:45:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.01.22 15:45:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.01.22 15:45:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.01.22 15:45:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.01.22 15:45:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.01.22 15:45:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.01.22 15:45:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.01.22 15:45:18 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.01.22 15:45:17 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.01.22 15:45:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.01.22 15:45:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.01.22 15:45:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.01.22 15:45:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.01.22 15:45:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.01.22 15:45:13 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.01.22 15:45:13 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.01.22 15:45:13 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.01.22 15:45:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.01.22 15:45:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.01.22 15:45:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.01.22 15:45:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.01.22 15:45:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.01.22 15:45:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.01.22 15:45:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.01.22 15:45:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.01.22 15:45:13 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.01.22 15:45:12 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.01.22 15:45:12 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.01.22 15:45:12 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll
MOD - [2009.01.22 15:45:12 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.01.22 15:45:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.01.22 15:45:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.01.22 15:45:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.01.22 15:45:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.01.22 15:45:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.04.07 21:59:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate)
SRV - [2012.04.28 05:48:14 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.12 19:18:53 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\arnold\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.22 13:07:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.07 22:05:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.24 15:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.10 02:01:00 | 003,589,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.06.24 10:41:36 | 000,057,344 | ---- | M] (Cepstral, LLC) [Auto | Running] -- C:\Programme\Cepstral\bin\CepstralLicSrv.exe -- (Cepstral License Server)
SRV - [2008.04.24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\gtstusbser.sys -- (gtstusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.12.12 20:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.07.22 13:07:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 13:07:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.09 04:36:22 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.21 10:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.21 10:55:36 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009.09.21 10:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.09.21 10:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.03.27 14:23:12 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.23 17:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.02.27 19:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.12.17 12:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.04.26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BEB369F9-1461-4189-9B82-AE4D4B8C3450}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_US
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{BEB369F9-1461-4189-9B82-AE4D4B8C3450}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deAT311
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.28 05:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.04 13:20:02 | 000,000,000 | ---D | M]
 
[2010.03.25 18:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arnold\AppData\Roaming\mozilla\Extensions
[2010.03.25 18:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arnold\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.06.02 19:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions
[2011.04.05 17:14:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.02 19:50:57 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010.08.10 16:52:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.22 23:04:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.06.05 12:49:47 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.04.10 12:37:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\engine@conduit.com
[2012.05.17 18:47:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\ich@maltegoetz.de
[2011.05.22 09:30:19 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\arnold\AppData\Roaming\mozilla\Firefox\Profiles\3nem1e7n.default\extensions\player@portalarium.com
[2011.03.24 13:22:02 | 000,000,919 | ---- | M] () -- C:\Users\arnold\AppData\Roaming\Mozilla\Firefox\Profiles\3nem1e7n.default\searchplugins\conduit.xml
[2012.06.11 16:18:42 | 000,001,056 | ---- | M] () -- C:\Users\arnold\AppData\Roaming\Mozilla\Firefox\Profiles\3nem1e7n.default\searchplugins\icqplugin.xml
[2011.11.16 00:43:43 | 000,003,915 | ---- | M] () -- C:\Users\arnold\AppData\Roaming\Mozilla\Firefox\Profiles\3nem1e7n.default\searchplugins\sweetim.xml
[2012.01.03 12:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.06 17:07:47 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ARNOLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3NEM1E7N.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.09 02:46:36 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\ARNOLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3NEM1E7N.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
[2012.01.09 02:46:36 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\ARNOLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3NEM1E7N.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.04.28 05:48:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.03 12:18:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.03 12:18:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.03 12:18:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.03 12:18:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.03 12:18:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.03 12:18:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CC48EB38-F950-48C0-9F22-D64F829AE3DF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe                                                                                                                                                                                                                                                          File not found
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe                                                                                                                                                                                                                                                               File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE                                                                                                                                                                                                                                                              File not found
F3 - HKCU WinNT: Load - (C:\Users\arnold\LOCALS~1\Temp\msuudn.cmd) -  File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\arnold\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\arnold\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Lookup on Merriam Webster - Reg Error: Value error. File not found
O8 - Extra context menu item: Lookup on Wikipedia - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} hxxp://80.237.209.20/objects/NpFv501.dll (Flatcast Viewer 5.0)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6132B2-D2DC-4B3B-A6B7-075FBA0F099B}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\arnold\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\arnold\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\bip_camera1.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\changeoutput.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dmflauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dvdmf.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\eccenter1.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\hdmictrlcfg.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\hwsetup.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\overwolflauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pcdiag.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\smartfacevsetting.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tacsprop.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tfcconf.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tfcrst.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tintouch.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\todisc.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\topi.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tosbtmng.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tosbtproc1.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\toshddvd.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\toshiba.tempo.ui.controlpanelapplication.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tosramutil.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\usrguide.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\wirelessftp1.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26a18517-7beb-11df-9d57-001e337fa0ac}\Shell - "" = AutoRun
O33 - MountPoints2\{26a18517-7beb-11df-9d57-001e337fa0ac}\Shell\AutoRun\command - "" = F:\QsSetup.exe
O33 - MountPoints2\{9f483d7c-e88b-11dd-a3e9-001e337fa0ac}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 10:58:05 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\arnold\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.16 10:56:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\arnold\Desktop\OTL.exe
[2012.06.15 15:30:05 | 000,000,000 | R--D | C] -- C:\Users\arnold\Desktop\Musik
[2012.06.14 20:35:06 | 000,000,000 | R--D | C] -- C:\Users\arnold\Desktop\XANDRIAH
[2012.06.14 20:31:52 | 000,000,000 | R--D | C] -- C:\Users\arnold\Desktop\Arbeit
[2012.06.14 20:31:13 | 000,000,000 | R--D | C] -- C:\Users\arnold\Desktop\Anonymous
[2012.06.14 19:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\izipovvihdvlutn
[2012.06.07 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\arnold\Desktop\Neuer Ordner
[2012.06.06 11:54:09 | 000,000,000 | ---D | C] -- C:\Users\arnold\AppData\Roaming\IMVU
[2012.06.06 11:53:58 | 000,000,000 | ---D | C] -- C:\Users\arnold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
[2012.06.06 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\arnold\AppData\Roaming\IMVUClient
[2012.05.24 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\arnold\AppData\Roaming\LolClient2
[2012.05.18 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2012.05.10 10:02:00 | 001,249,792 | ---- | C] (hxxp://www.ruby-lang.org/) -- C:\Users\arnold\AppData\Roaming\msvcr90-ruby191.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 11:16:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.16 10:58:42 | 000,000,000 | ---- | M] () -- C:\Users\arnold\defogger_reenable
[2012.06.16 10:58:27 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\arnold\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.16 10:57:06 | 000,302,592 | ---- | M] () -- C:\Users\arnold\Desktop\e66gczgq.exe
[2012.06.16 10:56:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\arnold\Desktop\OTL.exe
[2012.06.16 10:56:35 | 000,050,477 | ---- | M] () -- C:\Users\arnold\Desktop\Defogger.exe
[2012.06.16 10:55:22 | 000,728,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.16 10:55:22 | 000,679,072 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.16 10:55:22 | 000,168,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.16 10:55:22 | 000,136,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.16 10:48:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 10:48:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 10:48:40 | 001,717,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.16 10:48:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.16 04:08:25 | 000,001,356 | ---- | M] () -- C:\Users\arnold\AppData\Local\d3d9caps.dat
[2012.06.14 22:41:00 | 000,000,627 | ---- | M] () -- C:\Users\arnold\Desktop\remove_bundestrojaner.vbs
[2012.06.14 19:17:47 | 000,000,052 | ---- | M] () -- C:\ProgramData\kpiwlvszpnhqgdb
[2012.06.07 16:07:07 | 000,500,878 | ---- | M] () -- C:\Users\arnold\Desktop\Sacrifice (gothicwallz.blogspot.com).jpg
[2012.06.06 23:55:22 | 000,000,298 | ---- | M] () -- C:\Users\arnold\Desktop\Vista (C) - Verknüpfung.lnk
[2012.06.06 23:55:18 | 000,000,279 | ---- | M] () -- C:\Users\arnold\Desktop\Data (D) - Verknüpfung.lnk
[2012.06.06 19:42:00 | 000,153,326 | ---- | M] () -- C:\Users\arnold\Desktop\IMG_0548.JPG
[2012.05.27 18:21:57 | 001,249,792 | ---- | M] (hxxp://www.ruby-lang.org/) -- C:\Users\arnold\AppData\Roaming\msvcr90-ruby191.dll
[2012.05.24 04:09:24 | 000,056,320 | ---- | M] () -- C:\Users\arnold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.18 17:11:33 | 000,000,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.16 10:58:42 | 000,000,000 | ---- | C] () -- C:\Users\arnold\defogger_reenable
[2012.06.16 10:57:05 | 000,302,592 | ---- | C] () -- C:\Users\arnold\Desktop\e66gczgq.exe
[2012.06.16 10:56:32 | 000,050,477 | ---- | C] () -- C:\Users\arnold\Desktop\Defogger.exe
[2012.06.14 22:57:11 | 000,000,627 | ---- | C] () -- C:\Users\arnold\Desktop\remove_bundestrojaner.vbs
[2012.06.14 19:17:44 | 000,000,052 | ---- | C] () -- C:\ProgramData\kpiwlvszpnhqgdb
[2012.06.07 16:07:05 | 000,500,878 | ---- | C] () -- C:\Users\arnold\Desktop\Sacrifice (gothicwallz.blogspot.com).jpg
[2012.06.07 14:36:21 | 000,153,326 | ---- | C] () -- C:\Users\arnold\Desktop\IMG_0548.JPG
[2012.06.06 23:55:22 | 000,000,298 | ---- | C] () -- C:\Users\arnold\Desktop\Vista (C) - Verknüpfung.lnk
[2012.06.06 23:55:18 | 000,000,279 | ---- | C] () -- C:\Users\arnold\Desktop\Data (D) - Verknüpfung.lnk
[2012.05.18 17:11:33 | 000,000,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.12.12 18:30:46 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.12.12 18:30:46 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010.10.25 07:59:45 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2010.09.13 16:40:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.13 16:11:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ImageSearchDLL.dll
[2010.09.13 16:11:42 | 000,094,208 | ---- | C] () -- C:\Windows\ImageSearchDLL.dll
[2010.08.13 20:00:21 | 000,000,048 | ---- | C] () -- C:\Users\arnold\AppData\Roaming\wklnhst.dat
[2010.06.22 21:48:46 | 000,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2010.06.17 21:27:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.06.17 21:27:36 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
 
========== LOP Check ==========
 
[2012.06.12 23:31:28 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\.minecraft
[2012.02.17 17:42:00 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\.Nitrous
[2012.04.11 22:42:35 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.14 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Dropbox
[2012.02.15 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\DVDVideoSoft
[2012.02.15 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.26 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\FOG Downloader
[2012.02.15 18:23:37 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\GetRightToGo
[2012.03.22 19:52:18 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\gizza
[2011.07.27 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\go
[2011.03.07 16:56:18 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\gtk-2.0
[2011.05.13 08:06:37 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Harry Potter Time-Turner
[2011.12.24 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\ICQ
[2012.06.11 16:16:31 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\IMVU
[2012.06.06 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\IMVUClient
[2010.09.02 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\LolClient
[2012.05.24 23:10:54 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\LolClient2
[2010.09.02 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\OCS
[2011.05.03 07:18:20 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\OpenOffice.org
[2010.08.25 02:30:49 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Opera
[2010.08.25 02:30:49 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\PC Suite
[2011.05.31 11:27:04 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\PhonerLite
[2011.12.22 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\PhotoScape
[2010.08.25 02:30:49 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Publish Providers
[2010.08.25 02:30:49 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\RapidSolution
[2011.05.15 19:38:56 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\SimonTools
[2010.08.25 02:30:50 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Sony
[2011.04.30 09:08:05 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Stitch
[2011.12.16 03:14:04 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\TeamViewer
[2010.09.02 10:45:34 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Template
[2011.07.18 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\The Simpsons ScreenMate
[2011.05.12 22:02:59 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Thinstall
[2011.12.04 12:13:36 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\thriXXX
[2011.10.10 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Thunderbird
[2011.03.26 09:12:50 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Toshiba
[2011.07.19 00:59:39 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\TS3Client
[2011.12.22 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\TuneUp Software
[2010.09.02 10:45:34 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Uniblue
[2011.04.20 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Utherverse
[2010.09.02 10:45:34 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\Vivox
[2011.06.01 10:05:50 | 000,000,000 | ---D | M] -- C:\Users\arnold\AppData\Roaming\VoipCheapCom
[2012.06.16 06:41:42 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 16.06.2012 11:26:05 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\arnold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 62,90% Memory free
6,20 Gb Paging File | 5,09 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 24,63 Gb Free Space | 16,54% Space Free | Partition Type: NTFS
Drive F: | 7,47 Gb Total Space | 5,46 Gb Free Space | 73,07% Space Free | Partition Type: FAT32
 
Computer Name: ARNOLD-PC | User Name: arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-334369481-3420322204-2392537432-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F89347-E9FB-47C1-99E1-299E54B0E824}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0AEA224C-A33B-444E-84AB-67C19218FC3F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{18DAC281-327B-4A17-88FA-75984DC65CBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{25E59CA7-37D8-4B56-80E0-0C16CE3C8CD8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2613FDD6-1863-47EE-95CD-8390DC1427A8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{26F54AAF-16EA-4987-B65F-40725C6F65EE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2C531046-6D1B-40D2-86EA-535B94AB5F2F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{35285C7B-9249-4D79-BE24-62BA87B0EEDF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{35F1F3E8-7498-43E9-8FAE-0EC2160116E7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3F26DA0E-8466-47B2-936D-85EC5500944F}" = lport=50461 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3F5AB4BD-B69B-4F89-9414-62F534E2826E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4587E56B-2CA7-49F2-AB05-A1128395C803}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{47165E62-235B-46B5-8D9A-455F44CB80B7}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{48D89BF7-53B4-40A8-9511-AA3E7464361A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4CBEA3E2-6C41-4C53-A3F9-84879A4A1E0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{51500265-609E-4576-83C8-4200CA4D197B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D2751BB-49D3-4309-8223-6EC5AAAC7682}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6B5F7A63-B212-4E58-BD89-DEB5E3CB9BBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D68C7FE-EB69-4F56-8CAC-0D17B0F76952}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{859F234E-E7CA-4FAA-8DB3-890EDFC37946}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{9F65B434-10BB-4448-B4F1-11DB7AC8C7E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A59F4D0C-FFFF-4544-A647-7222279F077B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B003FD93-5944-42B8-8501-FB41AFF530A8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{BDEDFC27-5095-4967-BC85-0E56AE425AD3}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher | 
"{C5D491C6-52A2-45B4-86B6-408A5A55F899}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CCE5FE71-0A86-4B2F-95C9-C3CC4342E24C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D37FF8DF-EC37-4DE0-A752-89ED6490F099}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4EAFB80-9608-4040-8FC0-080752A1F0F9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D601C8F2-EBE1-4D2A-A246-BFC66ABA0FF3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E79447F3-985B-47D6-851C-7BCADE177CB2}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{F10D4676-1A3F-40B3-BEA4-34985CD71271}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher | 
"{F4D7E738-DD1D-4CF4-AFAD-78B0A39FF259}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7223376-C8BD-4F8B-BBE9-027210129165}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{FA7F1031-BD29-4A1A-BE60-FAA57F6641CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FDF946FE-4029-49F4-997E-C747B8563DCC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052ED792-6D42-400F-8213-2E9E6C4AF545}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{05888AD7-1197-40F3-B57E-DE4632E6B3E8}" = protocol=17 | dir=in | app=c:\users\arnold\desktop\computer zubehör\spotify 0.3.11.43065 ingles\app\spotify\spotify.exe | 
"{0BD85ECC-2EA5-4766-A326-B3F6A780428D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{14B47CBE-0089-4EE7-9465-C48999934CCE}" = protocol=6 | dir=in | app=c:\users\arnold\appdata\roaming\dropbox\bin\dropbox.exe | 
"{18606B5E-A8A1-449B-A5AB-1104F5E162C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{23347B9A-E10B-49F4-A40F-B8C6893BDDB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26D9ACC9-18C5-4659-BDE1-2E21AACE1E22}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2A2F1F37-D0CA-4A0B-8271-3B17720DBD17}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2B04C678-3CB8-474E-B126-4909136EE8EB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{3489A923-0C59-429A-80F1-2E3213F51CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E1F21D5-AB06-4577-81D7-B866C97E8C54}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{53A08FB4-6AF9-4602-BE34-052A827D2662}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{55832E5D-606F-4F71-B464-BC394569E8CC}" = protocol=17 | dir=in | app=c:\users\arnold\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5787DF61-F6F3-4C09-A1F2-844A740D4FC3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{63B3F064-5222-4274-A70F-605F98060590}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69A0662B-0DA7-4B8C-B158-9ACA660180E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{773931C6-0F30-4E3B-98DB-985DF9F2D48A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7B989F77-8BB8-487B-AA0B-D8AB7586E099}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7D7F404C-EA1C-4EF0-A066-AC49B59ED2A2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{7DCF2163-1622-4906-924D-9B6ED25E7ADC}" = protocol=6 | dir=in | app=c:\users\arnold\desktop\computer zubehör\spotify 0.3.11.43065 ingles\app\spotify\spotify.exe | 
"{9313AC65-0F60-4E0C-82E1-2B1579F80EEF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{95273A9A-D027-4309-89D0-59A0F556CC67}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{958FC292-BB31-431C-AD17-E7BF10A13E65}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{96AF95A8-B309-4E15-8758-558A3732E3BB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{97BE7BBC-26B9-49DE-B0A2-D1FECBC9472B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A365057E-F827-49BC-94E7-5343464F4D78}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B1AA31D8-06C1-4B7E-9A8F-BBB4ED5336C6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C81E1433-885D-453B-BA70-23B3F943BBA1}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{DCDC93A8-6250-4F91-924D-47C61B3EAFDE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DF9E7398-A077-4A91-80D9-71C89EE8B35E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EA3B8DD9-3625-4FD4-ABC2-C9AB1C58E318}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{ED40C367-DCE1-4CA8-88AF-46E9616F5D07}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{F4223977-D23F-41A9-B4CC-2501282D4E1D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"TCP Query User{01085A81-DBAF-4EE0-A100-CED68EAD9803}E:\hltv.exe" = protocol=6 | dir=in | app=e:\hltv.exe | 
"TCP Query User{1C0CEFC2-B15B-499F-8C82-576C256B3476}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2863426C-713A-41BC-AD9C-3D51200038CF}C:\users\arnold\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\arnold\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{29449892-9467-409B-AB3D-DDAB6E5CD824}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{5AC1DE12-B3A4-4440-B5B1-04068359F89F}E:\hl2.exe" = protocol=6 | dir=in | app=e:\hl2.exe | 
"TCP Query User{5B48503A-15CC-4486-BAEF-FEB9FDA9FCC9}C:\program files\xchat-wdk\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat-wdk\xchat.exe | 
"TCP Query User{6EABCD92-FA06-4F5F-B3E9-E6D8C9781AF3}C:\users\arnold\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\arnold\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{7E8C4A4B-046F-4D8D-945A-4E2C22471D7B}C:\program files\xchat-wdk\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat-wdk\xchat.exe | 
"TCP Query User{86ACE5B5-54C2-479B-AFF4-107349349F3C}E:\hl.exe" = protocol=6 | dir=in | app=e:\hl.exe | 
"TCP Query User{8B4C13D2-7869-44CF-A4E7-192D485E7A8F}H:\skulli'sscript\[g]script50\mirc.exe" = protocol=6 | dir=in | app=h:\skulli'sscript\[g]script50\mirc.exe | 
"TCP Query User{8D5B6821-3472-4F45-851B-01F92CC60EF5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{98A846F6-6F2F-4BA4-8BF8-5600CE4302C8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{9ACF6053-7CAB-4546-AB58-4F61BC6EFA8D}C:\users\arnold\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\arnold\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A1C1B778-EA2E-4201-9FDF-ADCA75793DF0}C:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe" = protocol=6 | dir=in | app=c:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe | 
"TCP Query User{BB8D3323-A678-405E-8E22-43D7C6162FCB}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{C1E1DCF5-22EB-4F9A-9348-A71173EE0B86}C:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc\mirc.exe | 
"TCP Query User{C6C4C25F-56CD-414E-86B9-B062815E24D6}G:\skulli'sscript\[g]script50\mirc.exe" = protocol=6 | dir=in | app=g:\skulli'sscript\[g]script50\mirc.exe | 
"TCP Query User{D6DF5C00-1F06-4D03-A43C-110267495642}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{E70F7F69-023B-4E3E-AF73-B76384FFA819}C:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe" = protocol=6 | dir=in | app=c:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe | 
"UDP Query User{19FE77AE-80E6-4503-8E5E-E2EA1B721B7C}G:\skulli'sscript\[g]script50\mirc.exe" = protocol=17 | dir=in | app=g:\skulli'sscript\[g]script50\mirc.exe | 
"UDP Query User{28332FBD-644B-4EE5-8175-170D4CBE6824}H:\skulli'sscript\[g]script50\mirc.exe" = protocol=17 | dir=in | app=h:\skulli'sscript\[g]script50\mirc.exe | 
"UDP Query User{29EDB8BD-F750-47A3-8040-69A8C0D84DDF}C:\program files\xchat-wdk\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat-wdk\xchat.exe | 
"UDP Query User{4F6F8A36-F2B2-4A05-9EA8-9E803A44C61D}C:\program files\xchat-wdk\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat-wdk\xchat.exe | 
"UDP Query User{58ECB339-9016-46DF-881B-A81461C9F3E3}E:\hl2.exe" = protocol=17 | dir=in | app=e:\hl2.exe | 
"UDP Query User{5FEBC253-46C7-432B-9F7C-4F3C91544955}C:\users\arnold\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\arnold\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{62CF1F21-CB0A-4D75-A496-9A8450EB2CDE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{779E8214-C297-48D5-AFFD-78E0C6589DEB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{97C78EA3-DD7F-4124-90DE-D77D57199A71}C:\users\arnold\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\arnold\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{A752977C-1E11-419F-8E56-8DBA95101E9B}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{B03A907B-3147-4A80-9231-4F42EE7B9EFA}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{C7AE667E-2A8D-4326-92B8-C1CF1CF47FA0}C:\users\arnold\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\arnold\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C9D6DC9D-F0FC-43F1-A366-B212C3781C9E}E:\hl.exe" = protocol=17 | dir=in | app=e:\hl.exe | 
"UDP Query User{CDB5610F-409B-4326-A1E1-4D1C0873BD30}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{CFDC5A8C-29C3-464F-B62C-4331504D96AA}C:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe" = protocol=17 | dir=in | app=c:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe | 
"UDP Query User{D6514B06-6371-4956-A9E2-02AA121AA5B6}E:\hltv.exe" = protocol=17 | dir=in | app=e:\hltv.exe | 
"UDP Query User{D95026E2-9DC6-46FF-8DC3-541955816625}C:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc\mirc.exe | 
"UDP Query User{E770C5CF-79CC-4FED-B327-60C3052AADC5}C:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe" = protocol=17 | dir=in | app=c:\users\arnold\documents\icq\480574685\receivedfiles\420571833 skulli - schatzii\skulli'sscript\[g]script50\mirc.exe | 
"UDP Query User{F3792B7B-6C3F-4540-BFF4-3C0DE4A9C635}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2009
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB4CCF1A-EF87-4FAF-8307-9507E6B96216}" = Cepstral Matthias 5.1.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFE336E7-DFB0-40E8-AAC7-9A9D2D9E79BC}" = Overwolf
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GamersFirst LIVE!" = GamersFirst LIVE!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2012 16:50:23 | Computer Name = arnold-PC | Source = Application Hang | ID = 1002
Description = Programm Fiesta.bin, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1688  Anfangszeit: 01cd343e656080e7  Zeitpunkt der Beendigung:
 0
 
Error - 22.05.2012 13:36:47 | Computer Name = arnold-PC | Source = Application Hang | ID = 1002
Description = Programm PWNY-Speak.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 15ac  Anfangszeit: 01cd383ad47f65f0  Zeitpunkt der Beendigung:
 54
 
Error - 25.05.2012 13:23:06 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2012 18:23:47 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.05.2012 11:42:58 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.05.2012 06:30:02 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2012 12:32:41 | Computer Name = arnold-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul SHDOCVW.dll, Version 6.0.6002.18392, Zeitstempel
 0x4d385da7, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c3a1,  Prozess-ID 0x874, 
Anwendungsstartzeit 01cd40dd468b2be4.
 
Error - 02.06.2012 12:33:26 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.06.2012 09:51:41 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2012 02:17:58 | Computer Name = arnold-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.06.2012 04:48:46 | Computer Name = arnold-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 213.47.132.219 für die Netzwerkkarte mit der Netzwerkadresse
 001E337FA0AC wurde durch den DHCP-Server 195.34.134.209 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 16.06.2012 04:51:33 | Computer Name = arnold-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.06.2012 05:07:06 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:08:00 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:08:01 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:08:03 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:29:30 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:30:50 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:32:12 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
Error - 16.06.2012 05:32:15 | Computer Name = arnold-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "Vista" aus.
 
 
< End of report >
         
Ich bitte um Hilfe. Ich weiß nicht was ich nun tun soll und ob der Trojaner weg ist?

Cerox

Alt 18.06.2012, 13:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
(2x) Verschlüsselungstrojaner - Standard

(2x) Verschlüsselungstrojaner



Edit: => http://www.trojaner-board.de/117364-...tml#post848146
__________________

__________________

 

Themen zu (2x) Verschlüsselungstrojaner
akamai, alternate, antivir, bho, bonjour, converter, error, feedback, firefox, flash player, google, home, install.exe, league of legends, logfile, malware, microsoft office word, mp3, object, office 2007, plug-in, presentationhost.exe, realtek, scan, searchscopes, security, senden, server, software, svchost.exe, teamspeak, trojaner, updates, version=1.0, vista, visual studio



Ähnliche Themen: (2x) Verschlüsselungstrojaner


  1. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 29.10.2012 (3)
  2. (2x) Verschlüsselungstrojaner
    Mülltonne - 27.10.2012 (1)
  3. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 21.08.2012 (23)
  4. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 15.08.2012 (1)
  5. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 30.07.2012 (1)
  6. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 27.07.2012 (1)
  7. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (24)
  8. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (1)
  9. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  10. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  11. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  12. Verschlüsselungstrojaner!
    Log-Analyse und Auswertung - 16.06.2012 (3)
  13. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 14.06.2012 (5)
  14. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (2)
  15. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  16. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 24.05.2012 (1)
  17. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 03.05.2012 (8)

Zum Thema (2x) Verschlüsselungstrojaner - Guten Tag. Ich habe mir vor 2 Tagen einen sogenannten Bundespolizei Trojaner eingefangen. Zu diesem Zeitpunkt war ich nur auf der Seite "www.mobafire.com" Seit heute morgen, komme ich nun wieder - (2x) Verschlüsselungstrojaner...
Archiv
Du betrachtest: (2x) Verschlüsselungstrojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.