
Log Analysis and Evaluation: Polizei Department Control Trojan


30.12.2012, 15:27   #1
ado_87
 

Hello everyone,

I caught this police Trojan today.

Can you please help me get rid of it!

Many thanks,
here is my scan data.

Code:
OTL Extras logfile created on: 30.12.2012 15:19:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admir\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 85,22% Memory free
7,93 Gb Paging File | 7,38 Gb Available in Paging File | 93,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 73,30 Gb Free Space | 39,35% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 58,94 Gb Free Space | 31,70% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 3,64 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
 
Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD26CEF-0BD7-43C0-98C5-83FDD47758C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{10F77B53-D464-463A-803F-62B3594B3D5D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11D17610-9A94-48ED-92EF-8E4B2B816739}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13DFFB39-A37F-4C55-BF91-9FF3BF169CDA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{15E2E31A-E4D9-45EB-890A-5C82B7E9D8C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{178EDD43-7F25-4A9F-B0B5-BADDBA6188E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{182ADFCB-8E10-4545-A64D-19A01A78AD12}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{193DECFC-8C18-4863-A071-92889572F3FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1ACEC75D-8AFB-4A23-BA07-57FE1B80D0F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CFFC563-E441-4D3A-8344-6FC022EB3034}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2377E4DB-A55E-4F63-ADB7-0DFB7D470169}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27F0489E-46CC-4148-8D23-F2DE4E6AEF3B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3D70903D-40EB-4566-8B0A-758267542776}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{403F384E-51B4-40E5-BE07-EA32DD58CEC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4171CB4A-8B58-4A6B-A85C-B693B0A6831C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{422946D0-BB95-4A15-A2F2-73AB596EA87E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46EC443E-5D67-43DE-A2BE-75572BF23B8E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{50F7D3D2-E1AB-4410-A7DF-E29E2B4FE4B2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54320807-506D-4470-B43B-C85B48887B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68A6D588-5E8A-4EA7-8E1F-C34BE5DAEA70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6FE47D50-3FFA-414C-BA51-71F097BFBC06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7EEAE173-9DB3-4473-8540-E76D57A28EA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8C97F4DF-65DC-4A67-99AB-2B3F6C0B8530}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9F1054F0-08E3-4079-8C28-E1E5D03B8C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A12C9BFD-5995-46A2-86FE-6FE3AFDF50DF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A73EE96F-F1FB-4E18-B2ED-2C2E45943239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A99D601C-995F-44D4-8CD0-A2936ECF6993}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B3000A39-C240-478A-AD17-60C9F6275B11}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BECC23F6-8837-4389-BF62-56E02D49888E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C4FE66E1-A0EC-4B6C-82A1-B78F46EF1BB0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D77FA2EE-312B-4231-837E-656920428620}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D9022647-3225-4EDB-87E5-4331F6DB5965}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DA5CF4D5-91B6-4ABE-9552-1F128016017B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8F73315-8D6B-402C-B141-FC28DF003369}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F18A8BAE-CEB9-4E03-8178-0C0C421DE9BB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F6B97F04-DC5C-4C0B-801B-4EB8CC4EBC89}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8253C8F-1AEC-401B-ACFB-32433C913D0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00042D2B-E5E7-421F-B2DE-3B483F3DAE7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0180A0E0-519D-40C2-BE56-27679754AF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{05378852-3C85-4764-9D95-41170AFA5FBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{053D950E-9FF7-41C7-80A6-C6965BAFFC0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{09B85434-0679-4B71-927B-2EA2C070E480}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1402FE1C-2260-4FFD-9907-66288933DEBD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1B38C172-1D33-4729-B171-E71A7C807573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1C37CA33-2927-4F1B-88A0-FBEBF03FDC78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{20225BB9-5636-4011-A83F-8921589E4A4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E9DE717-CD23-4941-8686-133991C5C4FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{32053EC5-E5EC-4D48-B13C-D24B9B7BDAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{35CFD96A-73CE-4BA2-A147-2C847E88C23B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4373440C-9616-4922-B5AE-5057AC40BB53}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe | 
"{44C5017D-50C2-47BF-A5D1-87E215CBBB74}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{44E9C97A-15EC-4843-A755-1851A88969FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4505638D-C256-4B70-AECC-8A8166047B10}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{49EC7198-FDE7-41E4-A9FC-F84DEDF5699B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5A4DC6CE-242D-44CD-8C20-0F18B4C2A079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A994F3A-0B5E-4405-B31E-72CD95C8E291}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{6001F8CE-BB54-49FF-9CAD-7751BD82F960}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{62D86642-4161-4E3D-919A-FC386DE8DB55}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{639B05C6-6C65-40A3-8959-67092304CC4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6889073D-F213-4798-874D-89C97D699994}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{69C81A4B-E7B1-47A2-9B96-23C3AC074CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"{69E7D859-F12E-4AC5-A456-FCE9DC4CE8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe | 
"{7CF8B8A6-1664-4D4C-92B4-1953E7281B7B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7DC859F3-DB79-4DC7-9B4B-BF80C23955BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F063D7-E3B6-4A05-BF94-0A4EC1F939A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8437F741-29C5-4DD2-8859-3AC5206D1A22}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe | 
"{851FE9E5-D908-4361-A8BD-5273D14A008C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{91921E20-5D47-4DF4-9DB1-9B0ECE88D7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe | 
"{93C72620-7983-4DEE-B600-4AB97EB40A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe | 
"{95E79C03-9A9F-43C7-B148-21621EE49498}" = protocol=6 | dir=out | app=system | 
"{9995150B-8A33-4F43-9A7B-A6C6BDC998B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A12EF311-0D53-4E3C-9463-9C0A8AD12C71}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe | 
"{A3954445-A147-4AD3-AF65-40287F439EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ABE171B7-1095-41B9-AD32-24F571F85086}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{B1B0F284-2FD2-45F7-85B5-6E00CA8035E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1FE3D76-4671-493A-95BD-6A9867035021}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe | 
"{BA51897D-1179-4B3F-9E76-8FCA53E9805E}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe | 
"{BC113929-166B-452C-BE39-B8B3502897A2}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe | 
"{BD729CFD-3431-4072-917F-AA00BE0A51CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C3AFC690-4EF9-457D-8A1E-F7D94F13F5E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4D85A53-120B-497A-848B-5D4C7E60DE1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C9904A39-65BF-4064-BD8B-88E13855C900}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe | 
"{CB77C5E4-7F36-4580-8168-F6601F6C9CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{D8E40D3B-3BE3-468A-939D-700A622B6844}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe | 
"{D99B38D1-AFA4-43DD-895C-0B856B2AD7F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E0379BDD-8525-4DAF-865F-829F3C966F73}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E075CDCD-F91A-4AF5-B1BD-148ED1C05153}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{E6819E51-2DF1-4332-B43B-C0A9E28CBA14}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E8505959-3D10-49E4-BEFE-DC024ABF3820}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"{EBE86ED7-93C8-46C3-8E63-7B04B55B9270}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{EEB0C9C2-DCE7-4506-8B21-C9F806FBD83D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F19E8320-3DEF-4E51-91E2-314C6BAAA1F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5B6759B-F028-40FD-9B37-4AFC327C705C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBCCF8EA-5B8D-4F00-AC99-F3A9C0518B91}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe | 
"{FE592F15-00FD-4CF3-A8F4-BDC4340F10AA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{052E9B9B-10EC-4A00-A013-D2DC836BE09C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{40F5BE8C-B279-4148-B8C5-C21D2FA07C3D}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{45C42F77-54B8-4F12-9CA9-2162FB6E4076}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
"TCP Query User{70FA950D-00C1-416C-8ACD-3664A86A162F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{897F9E17-D510-4F44-B539-541772984503}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"TCP Query User{94DF53CE-1A63-4FB9-846A-0ACBC65FB471}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{996E0DE4-FD47-47E6-9724-286D3EF48197}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{A956EB98-00A9-46DD-9712-07FAD7A662B8}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
"TCP Query User{EA90987C-7261-4428-A694-C2FB92158DC7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{F89D03F2-B61C-4DD0-AE6B-D6553E86A9A9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{16787419-C709-4D78-B945-AD1392DAE29A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{25B5B5A4-AB11-4239-8ECB-6A0692820D02}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{28805D98-DE01-4168-8B36-B6465E0E2522}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{36ECB028-72DD-4826-8EF8-C92B08A83162}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
"UDP Query User{43FB6EFC-C400-4A7D-85D8-FD191A4B6455}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{878ADB0F-B6C5-4B06-9111-2BDECF11E8B2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{CC0809C4-103E-4A81-B77D-17068130D52F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{D3819389-D40F-4234-99ED-7B11702C28A6}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"UDP Query User{F0CA3F9F-04E1-4191-9F06-4798D8329752}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{F11F2BFC-962D-407B-96A7-8F3E32C1435A}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{511D88E4-9922-4DB0-BA3A-F51D24172239}" = bob internet
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B06D7A82-E7C6-47D1-97FB-54CA5CA21743}" = ARIS Platform
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"A1 Servicecenter" = A1 Servicecenter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MotoGP 2007_is1" = MotoGP 2007
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Softonic" = Softonic toolbar  on IE and Chrome
"SopCast" = SopCast 3.2.8
"TeamViewer 5" = TeamViewer 5
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2012 13:56:14 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1734    Startzeit:
 01cde5ed473bbdb4    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 04e2d799-51e1-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 13:59:31 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dcc    Startzeit: 
01cde5edd20b38eb    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 74378dcd-51e1-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 14:04:51 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 164c    Startzeit:
 01cde5ee6542a752    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 32fa4794-51e2-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 14:11:32 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxEDIT.exe, Version 5.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1648    Startzeit:
 01cde5ef987fd921    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxEDIT.exe

Berichts-ID:
 20f9fc04-51e3-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 14:12:55 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 5.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1428    Startzeit:
 01cde5eff0a7f6fe    Endzeit: 20    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 538b8762-51e3-11e2-96bc-002622eb2d40  
 
Error - 30.12.2012 07:29:03 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBt1st.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.12.2012 07:29:36 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\TOSHIBA\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.12.2012 07:30:44 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.12.2012 08:52:51 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description = 
 
Error - 30.12.2012 08:52:59 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 30.12.2012 10:12:06 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:06 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:07 | Computer Name = Admir-Toshiba | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 10:12:07 | Computer Name = Admir-Toshiba | Source = DCOM | ID = 10005
Description = 
 
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         


Code:
OTL logfile created on: 30.12.2012 15:19:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admir\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 85,22% Memory free
7,93 Gb Paging File | 7,38 Gb Available in Paging File | 93,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 73,30 Gb Free Space | 39,35% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 58,94 Gb Free Space | 31,70% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 3,64 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
 
Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admir\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
 
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 D7 23 54 64 A1 CD 01  [binary data]
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=031012_ccp_4012_8&babsrc=SP_ss&mntrId=38403924000000000000701a04374fe1
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=PV&apn_dtid=&apn_uid=5A4FE52B-3A8D-4286-9CD0-3BEF7AE66966&apn_sauid=58AF061D-16CE-41C1-99DE-1C084B6B5E6D
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{1C143B6F-D94F-4DB1-BECE-72EE4C785825}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deAT358AT358
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{E9969677-A2EF-438A-8B3C-249F8E9676B8}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BB0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11%7D:0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=KW_ss&mntrId=38403924000000000000701a04374fe1&q="
FF - prefs.js..network.proxy.backup.ftp: ":"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ":"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ":"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.ssl: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M]
 
[2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Extensions
[2012.12.07 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\4uyw43bj.default\extensions
[2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\w89gi4f3.default\extensions
[2012.09.12 19:34:28 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\4uyw43bj.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.12.07 12:53:07 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\w89gi4f3.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.12.30 13:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.30 13:19:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.12.30 13:19:19 | 000,000,000 | ---D | M] (A1 Servicecenter) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2012.12.30 13:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.12.30 13:19:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.13 20:36:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 18:15:27 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.11.13 20:36:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.13 20:36:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.13 20:36:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.13 20:36:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.13 20:36:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2010.11.14 11:31:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2063069217-60928023-77756203-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490465FE-1230-4D68-93BA-0B2E32E641AE}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.14 11:03:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4efb8c85-ac8b-11df-9fb9-701a04374fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{4efb8c85-ac8b-11df-9fb9-701a04374fe1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a9c80cde-683a-11df-af38-701a04374fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c80cde-683a-11df-af38-701a04374fe1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a9c80cf1-683a-11df-af38-701a04374fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c80cf1-683a-11df-af38-701a04374fe1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dc88346d-4536-11e2-aaa9-002622eb2d40}\Shell - "" = AutoRun
O33 - MountPoints2\{dc88346d-4536-11e2-aaa9-002622eb2d40}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fdba2f49-ee2a-11de-a67a-002622eb2d40}\Shell - "" = AutoRun
O33 - MountPoints2\{fdba2f49-ee2a-11de-a67a-002622eb2d40}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.30 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe
[2012.12.30 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.12.30 13:53:00 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.12.30 13:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.12.30 13:38:09 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Admir\wgsdgsdgdsgsd.dll
[2012.12.30 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.30 12:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7BDBB1C7-E847-446A-B165-4DAFEF139D4E}
[2012.12.29 10:36:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{49C539E5-ADF2-481B-9A1B-3001F8F7487B}
[2012.12.28 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E6A39827-331B-4BDD-BB24-5FA66DCF0AA6}
[2012.12.27 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 4
[2012.12.27 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2012.12.27 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 4
[2012.12.27 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\Programs
[2012.12.27 12:52:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{208D83C4-73C4-4B7B-A12F-2B24C722B768}
[2012.12.27 00:51:52 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{DDB1C3A3-C527-4CA1-81CC-D35384402E85}
[2012.12.26 11:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E13C91EF-7E39-4C99-B9D9-AE3D581808F3}
[2012.12.25 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{FA5E66E0-DF62-44A1-AB06-470F0FD56997}
[2012.12.24 23:12:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3F313C9B-06B4-439F-BEED-E4F6E8C5B689}
[2012.12.24 15:47:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 3
[2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 3
[2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 3
[2012.12.24 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7ADD7824-8E85-48DB-999D-973659544294}
[2012.12.23 13:52:34 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EC67A73E-5EEA-4A25-84BC-1D461D79F0D2}
[2012.12.22 12:06:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B0BB9356-B161-468C-B79D-4E215B581BBD}
[2012.12.22 02:12:29 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 02:12:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 02:12:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 02:12:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 23:10:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{61080790-FEEB-429F-84D9-EE34A08ACDCD}
[2012.12.21 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EA0B8376-761C-4FC0-AFAA-A0F808EA15DD}
[2012.12.20 11:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.20 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D6B14BF-68F2-4B8E-82C2-919345327FD5}
[2012.12.19 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7A914B22-5C1B-4657-BA1B-E683C616163B}
[2012.12.19 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3221DDE6-1EB2-4B6D-87D5-FBAE950B768F}
[2012.12.19 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9E3D4D77-E273-4A87-881F-2E72C5182223}
[2012.12.18 16:32:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{56E01F32-DE16-473D-B814-97DD11C98D72}
[2012.12.18 09:42:15 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5F8195DD-847C-4527-BAEB-12D395ED33AD}
[2012.12.17 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{264C8A50-9910-494B-A517-2E1FD013F6BE}
[2012.12.17 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{D3E0682E-F7B3-4C8E-9DAE-9EDF7DD3EA49}
[2012.12.16 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E768AF08-1424-411B-98BD-6C8BF2A2ED2C}
[2012.12.16 03:43:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{656F2C84-E8D9-4F5A-A62B-1D3F7A59FB42}
[2012.12.15 10:39:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B1705902-70DC-4EC9-98BA-987426AAD075}
[2012.12.14 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{BA29D809-6C70-4A69-91CD-75766F9F2993}
[2012.12.14 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{F3B4D7BA-BEA3-4E98-AB0F-EB5EA934D29D}
[2012.12.13 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{908734CC-B149-40DA-A241-313A9A541C88}
[2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.13 22:26:32 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.13 22:26:32 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.13 22:26:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.13 22:26:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.13 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{58A9B2DC-7221-4CC7-8BE9-0470C1D97AFA}
[2012.12.12 21:12:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 21:12:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 21:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 21:12:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 21:12:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 21:12:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 21:12:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 21:12:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 21:12:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 21:12:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 21:12:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 21:12:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 21:12:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 21:12:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 21:12:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 21:05:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 21:05:47 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 21:05:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 21:05:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 21:05:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 21:05:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 21:05:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 21:05:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 21:05:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 21:05:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 21:05:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 21:05:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 21:05:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 21:05:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 21:05:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 21:05:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 21:05:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 21:05:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 21:05:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5675FF6B-9D58-4143-A069-95203084F4F0}
[2012.12.11 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{541FF0F3-8C2E-430A-9255-E0D1ACD4565C}
[2012.12.11 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{13824635-8209-49A6-9B77-CF6978898F68}
[2012.12.10 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9781312E-8284-44FC-A738-26599D3FD15F}
[2012.12.09 23:17:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{95BDA647-E2C8-469C-90B0-C92651A9A405}
[2012.12.09 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{51510419-3176-4E40-BD4A-977DFF35EBD3}
[2012.12.08 23:17:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\Desktop\Nedo U-Kurs
[2012.12.08 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Neuer Ordner
[2012.12.08 14:21:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EF6CF001-063E-4D1C-8EEF-EF65534325FF}
[2012.12.07 11:21:08 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{463CD27D-8623-4945-8611-5E2A19E2BD36}
[2012.12.06 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{733E2568-803E-45F4-890E-6A329EF6C70E}
[2012.12.06 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{CABACB64-4EFF-4CD6-A603-DCE4999FE38F}
[2012.12.05 01:34:31 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D812F67-986B-448D-B71F-43E0BF68D66A}
[2012.12.04 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{8AEEFCE0-73C7-4407-B16F-56024ED17F52}
[2012.12.03 22:41:17 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82D8C90B-5AD7-4A1E-87E3-6C380FA70F7F}
[2012.12.03 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82A03ED8-72E3-4D91-BBAF-943499AEB1CB}
[2012.12.01 14:55:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{1A40812A-60B0-4F1B-B2E2-CB28C1414145}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 15:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.30 15:11:39 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.30 15:09:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.30 15:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe
[2012.12.30 13:53:01 | 000,002,257 | ---- | M] () -- C:\Users\Admir\Desktop\SpyHunter.lnk
[2012.12.30 13:48:18 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:48:17 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:38:15 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.30 13:38:15 | 000,001,086 | ---- | M] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.30 13:38:09 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Admir\wgsdgsdgdsgsd.dll
[2012.12.30 12:08:22 | 000,001,062 | ---- | M] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 19:09:06 | 000,001,990 | ---- | M] () -- C:\Users\Admir\Desktop\DreamBoxEdit.lnk
[2012.12.27 18:05:45 | 000,001,087 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ4.lnk
[2012.12.24 15:47:34 | 000,001,005 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ3.lnk
[2012.12.22 12:04:23 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 18:44:52 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 18:44:52 | 000,700,630 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 18:44:52 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 18:44:52 | 000,149,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 18:44:52 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.20 11:42:07 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.18 16:37:05 | 000,001,620 | ---- | M] () -- C:\Users\Admir\Desktop\K2 - Kollektivarbeitsrecht - Verknüpfung.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.13 22:26:05 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.13 22:26:05 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.13 22:26:05 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.13 22:26:05 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.12 21:08:36 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 15:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 15:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.30 13:53:03 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2012.12.30 13:53:01 | 000,002,257 | ---- | C] () -- C:\Users\Admir\Desktop\SpyHunter.lnk
[2012.12.30 13:38:15 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.30 13:38:15 | 000,001,086 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.30 13:38:13 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.27 18:05:45 | 000,001,087 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ4.lnk
[2012.12.24 15:47:34 | 000,001,005 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ3.lnk
[2012.12.20 11:42:07 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.02 17:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\winscp.rnd
[2012.06.25 09:44:37 | 000,004,096 | -H-- | C] () -- C:\Users\Admir\AppData\Local\keyfile3.drm
[2012.05.14 22:06:34 | 000,000,098 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.command
[2012.05.14 22:03:17 | 000,001,205 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.ini
[2012.05.14 22:03:17 | 000,000,000 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.05.14 21:28:20 | 000,005,120 | ---- | C] () -- C:\Users\Admir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamShapes.ini
[2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamLayout.ini
[2012.05.14 21:26:47 | 000,000,103 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\Camdata.ini
[2012.05.14 21:13:33 | 000,004,425 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.cfg
[2011.12.22 15:09:49 | 000,074,248 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011.06.01 13:43:37 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.15 01:57:25 | 000,001,072 | R-S- | C] () -- C:\Users\Admir\AppData\Roaming\chkntfs.dat
[2010.07.10 11:52:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.10.09 16:37:12 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\.minecraft
[2012.10.12 18:40:31 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\A1 Servicecenter
[2012.10.02 17:26:05 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Babylon
[2012.10.02 18:20:53 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\BrowserCompanion
[2010.01.15 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DAEMON Tools Lite
[2010.07.14 06:29:47 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DEAC8354A32E98459090B8C647948D32
[2012.12.30 15:10:00 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Dropbox
[2011.07.01 20:26:38 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DVDVideoSoft
[2011.07.01 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.01 13:38:28 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\EndNote
[2010.06.28 00:17:56 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Facebook
[2009.12.19 12:13:14 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Leadertech
[2012.10.12 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\mquadr.at
[2011.12.23 09:58:06 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Nokia Ovi Suite
[2011.10.07 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\PC Suite
[2009.12.21 19:22:18 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Program Files (x86)
[2012.10.14 13:45:29 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\redsn0w
[2010.10.17 17:59:50 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\TeamViewer
[2009.12.18 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Toshiba
[2012.10.13 23:32:29 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\uTorrent
[2010.10.06 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\WildTangent
[2009.12.18 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 30.12.2012, 17:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Alt 30.12.2012, 17:50   #3
ado_87
 

Hello!!

Thanks for the info,

First, in safe mode (after I had downloaded OTL.exe on another computer and transferred it to this computer via USB stick), I ran the scan with OTL.exe following your instructions. These 2 reports are the result.

After that, I overlooked the note that you should not use a fix written for other users. I did it anyway without knowing better and ran the fix in safe mode.
This is the fix I used:
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109992&babsrc=HP_ss&mntrId=853668800000000000000009dd5084cf 
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109992&babsrc=SP_ss&mntrId=853668800000000000000009dd5084cf 
IE - HKCU\..\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}: "URL" = hxxp://www.google.de/search?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found. 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKCU..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found 
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites) 
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites) 
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites) 
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[
[2012.08.31 18:37:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad 
 
[2012.02.28 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon 

[2010.06.13 12:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files
C:\Users\User\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\User\AppData\Local\Temp\*.exe
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
Then I ran a scan with Malwarebytes (as in your instructions) and finally used this adwcleaner.

Here are the reports from Malwarebytes and from adwcleaner:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.30.07

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Admir :: ADMIR-TOSHIBA [Administrator]

30.12.2012 16:37:27
mbam-log-2012-12-30 (16-37-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393114
Laufzeit: 1 Stunde(n), 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Admir\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admir\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 30/12/2012 um 17:50:26 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admir - ADMIR-TOSHIBA
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Admir\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Admir\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Admir\AppData\Roaming\BrowserCompanion

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\58edad9b735ee45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\58edad9b735ee45
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\4uyw43bj.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "38403924000000000000701a04374fe1");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15619");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.719:15:38");
Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "orgnl");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "AT");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "");
Gelöscht : user_pref("extensions.Softonic.dfltSrch", false);
Gelöscht : user_pref("extensions.Softonic.dfltlng", "de");
Gelöscht : user_pref("extensions.Softonic.dfltsrch", "false");
Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "3291D035B63C1E84D838C3EFB7C95494");
Gelöscht : user_pref("extensions.Softonic.hmpg", false);
Gelöscht : user_pref("extensions.Softonic.hrdid", "38403924000000000000000000000000");
Gelöscht : user_pref("extensions.Softonic.id", "38403924000000000000000000000000");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15474");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MON00001");
Gelöscht : user_pref("extensions.Softonic.instlday", "15474");
Gelöscht : user_pref("extensions.Softonic.instlref", "MON00015");
Gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Gelöscht : user_pref("extensions.Softonic.keywordurl", "");
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.022:06:40");
Gelöscht : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "14-05-2012");
Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.Softonic.newTab", false);
Gelöscht : user_pref("extensions.Softonic.newtab", "false");
Gelöscht : user_pref("extensions.Softonic.newtaburl", "");
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gelöscht : user_pref("extensions.Softonic.savedVrsnTs", "1");
Gelöscht : user_pref("extensions.Softonic.sg", "az");
Gelöscht : user_pref("extensions.Softonic.similarsitesstorage-pid2", "3fdc87e2ec2aceb8");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
Gelöscht : user_pref("extensions.Softonic.srch", "");
Gelöscht : user_pref("extensions.Softonic.srchprvdr", "");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.5.21.022:06:40");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.5.21.022:06:40");
Gelöscht : user_pref("extensions.Softonic.xpestat\\xpereportdata", "14-4-2012");
Gelöscht : user_pref("extensions.Softonic_i.newTab", false);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.022:10:14");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=KW_ss&[...]

Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.11] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=[...]
Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012[...]
Gelöscht [l.1553] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=384[...]
Gelöscht [l.1895] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&[...]

*************************

AdwCleaner[R1].txt - [15120 octets] - [30/12/2012 17:49:18]
AdwCleaner[S1].txt - [14742 octets] - [30/12/2012 17:50:26]

########## EOF - C:\AdwCleaner[S1].txt - [14803 octets] ##########
         
Code:
# AdwCleaner v2.104 - Datei am 30/12/2012 um 17:49:18 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admir - ADMIR-TOSHIBA
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : G:\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\BrowserCompanion
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\Softonic
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Admir\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Admir\AppData\Roaming\BrowserCompanion

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\58edad9b735ee45
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\58edad9b735ee45
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\4uyw43bj.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "38403924000000000000701a04374fe1");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15619");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.719:15:38");
Gefunden : user_pref("extensions.Softonic.admin", false);
Gefunden : user_pref("extensions.Softonic.aflt", "orgnl");
Gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Gefunden : user_pref("extensions.Softonic.cntry", "AT");
Gefunden : user_pref("extensions.Softonic.dfltLng", "");
Gefunden : user_pref("extensions.Softonic.dfltSrch", false);
Gefunden : user_pref("extensions.Softonic.dfltlng", "de");
Gefunden : user_pref("extensions.Softonic.dfltsrch", "false");
Gefunden : user_pref("extensions.Softonic.envrmnt", "production");
Gefunden : user_pref("extensions.Softonic.excTlbr", false);
Gefunden : user_pref("extensions.Softonic.hdrMd5", "3291D035B63C1E84D838C3EFB7C95494");
Gefunden : user_pref("extensions.Softonic.hmpg", false);
Gefunden : user_pref("extensions.Softonic.hrdid", "38403924000000000000000000000000");
Gefunden : user_pref("extensions.Softonic.id", "38403924000000000000000000000000");
Gefunden : user_pref("extensions.Softonic.instlDay", "15474");
Gefunden : user_pref("extensions.Softonic.instlRef", "MON00001");
Gefunden : user_pref("extensions.Softonic.instlday", "15474");
Gefunden : user_pref("extensions.Softonic.instlref", "MON00015");
Gefunden : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Gefunden : user_pref("extensions.Softonic.keywordurl", "");
Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.022:06:40");
Gefunden : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "14-05-2012");
Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.Softonic.newTab", false);
Gefunden : user_pref("extensions.Softonic.newtab", "false");
Gefunden : user_pref("extensions.Softonic.newtaburl", "");
Gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Gefunden : user_pref("extensions.Softonic.prtnrid", "softonic");
Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gefunden : user_pref("extensions.Softonic.savedVrsnTs", "1");
Gefunden : user_pref("extensions.Softonic.sg", "az");
Gefunden : user_pref("extensions.Softonic.similarsitesstorage-pid2", "3fdc87e2ec2aceb8");
Gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic.smplgrp", "none");
Gefunden : user_pref("extensions.Softonic.srch", "");
Gefunden : user_pref("extensions.Softonic.srchprvdr", "");
Gefunden : user_pref("extensions.Softonic.tlbrId", "base");
Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.tlbrid", "base");
Gefunden : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.5.21.022:06:40");
Gefunden : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Gefunden : user_pref("extensions.Softonic.vrsnts", "1.5.21.022:06:40");
Gefunden : user_pref("extensions.Softonic.xpestat\\xpereportdata", "14-4-2012");
Gefunden : user_pref("extensions.Softonic_i.newTab", false);
Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.022:10:14");
Gefunden : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=KW_ss&[...]

Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.11] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1",
Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1", "hxxp://www.google.com/" ]
Gefunden [l.1553] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1",
Gefunden [l.1895] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1", "hxxp://www.google.com/" ]

*************************

AdwCleaner[R1].txt - [15027 octets] - [30/12/2012 17:49:18]

########## EOF - C:\AdwCleaner[R1].txt - [15088 octets] ##########
         

Since then, the message that used to appear immediately at startup has not shown up again...

After I had finished everything, I restarted the system and the following report appeared

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{033D0AAE-1F9D-4141-AA17-8965E3B86015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found.
File C:\Program Files\DivX\DivX Update\DivXUpdate.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nero MediaHome 4 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Playlist\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cleverreach.com\novastor\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google-analytics.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File C:\ProgramData\nud0repor.pad not found.
Folder C:\Users\User\AppData\Roaming\Babylon\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\User\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\User\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Users\Admir\Desktop\cmd.bat deleted successfully.
C:\Users\Admir\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admir
->Temp folder emptied: 77444478 bytes
->Temporary Internet Files folder emptied: 56416695 bytes
->Java cache emptied: 4614291 bytes
->FireFox cache emptied: 100292130 bytes
->Google Chrome cache emptied: 111056733 bytes
->Flash cache emptied: 46979 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43909 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1280946 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1165463325 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.446,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12302012_161439

Files\Folders moved on Reboot...
C:\Users\Admir\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

30.12.2012, 18:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


30.12.2012, 18:58   #5
ado_87

I did everything exactly as described in the instructions!
After the scan finished, it said that no malware was found.

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admir :: ADMIR-TOSHIBA [administrator]

30.12.2012 19:55:51
mbar-log-2012-12-30 (19-55-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30776
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


30.12.2012, 19:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!


30.12.2012, 19:51   #7
ado_87

OK, these steps are done as well.

Here are the logs

aswMBR:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-30 20:18:47
-----------------------------
20:18:47.599    OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:47.599    Number of processors: 2 586 0x170A
20:18:47.599    ComputerName: ADMIR-TOSHIBA  UserName: Admir
20:18:48.880    Initialize success
20:20:59.871    AVAST engine defs: 12123000
20:21:20.026    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:21:20.036    Disk 0 Vendor: TOSHIBA_ FG01 Size: 381554MB BusType: 3
20:21:20.056    Disk 0 MBR read successfully
20:21:20.066    Disk 0 MBR scan
20:21:20.066    Disk 0 Windows 7 default MBR code
20:21:20.086    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
20:21:20.096    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       190777 MB offset 821248
20:21:20.126    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       190376 MB offset 391532544
20:21:20.176    Disk 0 scanning C:\Windows\system32\drivers
20:21:34.599    Service scanning
20:22:20.044    Modules scanning
20:22:20.044    Disk 0 trace - called modules:
20:22:20.084    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll 
20:22:20.084    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800575d6b0]
20:22:20.084    3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004718050]
20:22:21.535    AVAST engine scan C:\Windows
20:22:23.856    AVAST engine scan C:\Windows\system32
20:26:24.753    AVAST engine scan C:\Windows\system32\drivers
20:26:41.824    AVAST engine scan C:\Users\Admir
20:33:06.218    AVAST engine scan C:\ProgramData
20:37:08.556    Scan finished successfully
20:45:37.370    Disk 0 MBR has been saved successfully to "C:\Users\Admir\Desktop\MBR.dat"
20:45:37.380    The log file has been saved successfully to "C:\Users\Admir\Desktop\aswMBR.txt"
         

TDSSKiller:
Code:
20:47:51.0746 0760  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:47:51.0986 0760  ============================================================
20:47:51.0986 0760  Current date / time: 2012/12/30 20:47:51.0986
20:47:51.0986 0760  SystemInfo:
20:47:51.0986 0760  
20:47:51.0986 0760  OS Version: 6.1.7601 ServicePack: 1.0
20:47:51.0986 0760  Product type: Workstation
20:47:51.0986 0760  ComputerName: ADMIR-TOSHIBA
20:47:51.0986 0760  UserName: Admir
20:47:51.0986 0760  Windows directory: C:\Windows
20:47:51.0986 0760  System windows directory: C:\Windows
20:47:51.0986 0760  Running under WOW64
20:47:51.0986 0760  Processor architecture: Intel x64
20:47:51.0986 0760  Number of processors: 2
20:47:51.0986 0760  Page size: 0x1000
20:47:51.0986 0760  Boot type: Normal boot
20:47:51.0986 0760  ============================================================
20:47:52.0586 0760  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:52.0606 0760  ============================================================
20:47:52.0606 0760  \Device\Harddisk0\DR0:
20:47:52.0606 0760  MBR partitions:
20:47:52.0606 0760  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1749C800
20:47:52.0606 0760  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17565000, BlocksNum 0x173D4000
20:47:52.0606 0760  ============================================================
20:47:52.0626 0760  C: <-> \Device\Harddisk0\DR0\Partition1
20:47:52.0656 0760  D: <-> \Device\Harddisk0\DR0\Partition2
20:47:52.0656 0760  ============================================================
20:47:52.0656 0760  Initialize success
20:47:52.0656 0760  ============================================================
20:48:20.0996 5096  ============================================================
20:48:20.0996 5096  Scan started
20:48:20.0996 5096  Mode: Manual; SigCheck; TDLFS; 
20:48:20.0996 5096  ============================================================
20:48:21.0526 5096  ================ Scan system memory ========================
20:48:21.0526 5096  System memory - ok
20:48:21.0526 5096  ================ Scan services =============================
20:48:21.0836 5096  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:48:22.0016 5096  1394ohci - ok
20:48:22.0086 5096  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:48:22.0116 5096  ACPI - ok
20:48:22.0166 5096  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:48:22.0226 5096  AcpiPmi - ok
20:48:22.0346 5096  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:48:22.0376 5096  AdobeARMservice - ok
20:48:22.0436 5096  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:48:22.0466 5096  adp94xx - ok
20:48:22.0496 5096  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:48:22.0516 5096  adpahci - ok
20:48:22.0546 5096  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:48:22.0586 5096  adpu320 - ok
20:48:22.0626 5096  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:48:22.0706 5096  AeLookupSvc - ok
20:48:22.0756 5096  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:48:22.0816 5096  AFD - ok
20:48:22.0866 5096  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:48:22.0906 5096  agp440 - ok
20:48:22.0946 5096  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:48:23.0026 5096  ALG - ok
20:48:23.0076 5096  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:48:23.0086 5096  aliide - ok
20:48:23.0156 5096  [ 98A2774D3F18C107874C8C1163EBE484 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:48:23.0226 5096  AMD External Events Utility - ok
20:48:23.0276 5096  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:48:23.0306 5096  amdide - ok
20:48:23.0356 5096  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:48:23.0416 5096  AmdK8 - ok
20:48:23.0446 5096  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:48:23.0516 5096  AmdPPM - ok
20:48:23.0566 5096  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:48:23.0576 5096  amdsata - ok
20:48:23.0626 5096  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:48:23.0646 5096  amdsbs - ok
20:48:23.0666 5096  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:48:23.0676 5096  amdxata - ok
20:48:23.0796 5096  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:48:23.0826 5096  AntiVirSchedulerService - ok
20:48:23.0896 5096  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:48:23.0926 5096  AntiVirService - ok
20:48:23.0986 5096  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:48:24.0056 5096  AppID - ok
20:48:24.0076 5096  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:48:24.0136 5096  AppIDSvc - ok
20:48:24.0196 5096  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:48:24.0266 5096  Appinfo - ok
20:48:24.0366 5096  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:48:24.0386 5096  Apple Mobile Device - ok
20:48:24.0426 5096  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:48:24.0446 5096  arc - ok
20:48:24.0466 5096  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:48:24.0476 5096  arcsas - ok
20:48:24.0606 5096  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:48:24.0626 5096  aspnet_state - ok
20:48:24.0656 5096  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:24.0716 5096  AsyncMac - ok
20:48:24.0766 5096  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:48:24.0806 5096  atapi - ok
20:48:24.0886 5096  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:48:24.0976 5096  athr - ok
20:48:25.0186 5096  [ 173F4C05F87085E9BDA3F7037BC9F40E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:48:25.0417 5096  atikmdag - ok
20:48:25.0477 5096  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:48:25.0567 5096  AudioEndpointBuilder - ok
20:48:25.0577 5096  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:48:25.0617 5096  AudioSrv - ok
20:48:25.0667 5096  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:48:25.0687 5096  avgntflt - ok
20:48:25.0767 5096  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:48:25.0797 5096  avipbb - ok
20:48:25.0817 5096  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:48:25.0827 5096  avkmgr - ok
20:48:25.0887 5096  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:48:25.0987 5096  AxInstSV - ok
20:48:26.0047 5096  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:48:26.0117 5096  b06bdrv - ok
20:48:26.0157 5096  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:48:26.0207 5096  b57nd60a - ok
20:48:26.0247 5096  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:48:26.0297 5096  BDESVC - ok
20:48:26.0347 5096  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:48:26.0447 5096  Beep - ok
20:48:26.0507 5096  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:48:26.0597 5096  BFE - ok
20:48:26.0627 5096  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:48:26.0707 5096  BITS - ok
20:48:26.0737 5096  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:48:26.0757 5096  blbdrive - ok
20:48:26.0847 5096  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:48:26.0877 5096  Bonjour Service - ok
20:48:26.0927 5096  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:48:26.0977 5096  bowser - ok
20:48:27.0017 5096  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:48:27.0087 5096  BrFiltLo - ok
20:48:27.0107 5096  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:48:27.0117 5096  BrFiltUp - ok
20:48:27.0167 5096  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:48:27.0227 5096  Browser - ok
20:48:27.0257 5096  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:48:27.0327 5096  Brserid - ok
20:48:27.0347 5096  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:48:27.0377 5096  BrSerWdm - ok
20:48:27.0417 5096  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:48:27.0477 5096  BrUsbMdm - ok
20:48:27.0487 5096  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:48:27.0527 5096  BrUsbSer - ok
20:48:27.0547 5096  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:48:27.0587 5096  BTHMODEM - ok
20:48:27.0627 5096  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:48:27.0727 5096  bthserv - ok
20:48:27.0787 5096  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:48:27.0827 5096  cdfs - ok
20:48:27.0877 5096  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:48:27.0927 5096  cdrom - ok
20:48:27.0977 5096  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:48:28.0047 5096  CertPropSvc - ok
20:48:28.0127 5096  [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
20:48:28.0147 5096  cfWiMAXService - ok
20:48:28.0187 5096  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:48:28.0257 5096  circlass - ok
20:48:28.0307 5096  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:48:28.0327 5096  CLFS - ok
20:48:28.0387 5096  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:28.0417 5096  clr_optimization_v2.0.50727_32 - ok
20:48:28.0477 5096  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:48:28.0517 5096  clr_optimization_v2.0.50727_64 - ok
20:48:28.0607 5096  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:28.0647 5096  clr_optimization_v4.0.30319_32 - ok
20:48:28.0647 5096  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:48:28.0667 5096  clr_optimization_v4.0.30319_64 - ok
20:48:28.0687 5096  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:48:28.0717 5096  CmBatt - ok
20:48:28.0737 5096  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:48:28.0757 5096  cmdide - ok
20:48:28.0807 5096  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:48:28.0877 5096  CNG - ok
20:48:28.0907 5096  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:48:28.0927 5096  Compbatt - ok
20:48:28.0957 5096  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:48:29.0007 5096  CompositeBus - ok
20:48:29.0027 5096  COMSysApp - ok
20:48:29.0067 5096  [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
20:48:29.0087 5096  ConfigFree Gadget Service - ok
20:48:29.0117 5096  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:48:29.0127 5096  ConfigFree Service - ok
20:48:29.0157 5096  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:48:29.0177 5096  crcdisk - ok
20:48:29.0247 5096  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:48:29.0347 5096  CryptSvc - ok
20:48:29.0407 5096  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:48:29.0487 5096  DcomLaunch - ok
20:48:29.0527 5096  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:48:29.0587 5096  defragsvc - ok
20:48:29.0627 5096  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:48:29.0687 5096  DfsC - ok
20:48:29.0747 5096  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:48:29.0827 5096  Dhcp - ok
20:48:29.0857 5096  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:48:29.0917 5096  discache - ok
20:48:29.0947 5096  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:48:29.0967 5096  Disk - ok
20:48:29.0997 5096  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:48:30.0047 5096  Dnscache - ok
20:48:30.0077 5096  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:48:30.0167 5096  dot3svc - ok
20:48:30.0197 5096  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:48:30.0267 5096  DPS - ok
20:48:30.0297 5096  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:48:30.0337 5096  drmkaud - ok
20:48:30.0397 5096  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:48:30.0457 5096  DXGKrnl - ok
20:48:30.0497 5096  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:48:30.0547 5096  EapHost - ok
20:48:30.0657 5096  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:48:30.0717 5096  ebdrv - ok
20:48:30.0757 5096  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:48:30.0837 5096  EFS - ok
20:48:30.0917 5096  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:48:31.0007 5096  ehRecvr - ok
20:48:31.0027 5096  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:48:31.0067 5096  ehSched - ok
20:48:31.0137 5096  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:48:31.0177 5096  elxstor - ok
20:48:31.0217 5096  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:48:31.0257 5096  ErrDev - ok
20:48:31.0297 5096  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:48:31.0377 5096  EventSystem - ok
20:48:31.0407 5096  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:48:31.0467 5096  exfat - ok
20:48:31.0487 5096  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:48:31.0547 5096  fastfat - ok
20:48:31.0627 5096  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:48:31.0697 5096  Fax - ok
20:48:31.0737 5096  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:48:31.0767 5096  fdc - ok
20:48:31.0807 5096  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:48:31.0867 5096  fdPHost - ok
20:48:31.0887 5096  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:48:31.0937 5096  FDResPub - ok
20:48:31.0957 5096  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:48:31.0967 5096  FileInfo - ok
20:48:32.0007 5096  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:48:32.0077 5096  Filetrace - ok
20:48:32.0117 5096  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:32.0147 5096  flpydisk - ok
20:48:32.0197 5096  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:48:32.0217 5096  FltMgr - ok
20:48:32.0277 5096  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:48:32.0327 5096  FontCache - ok
20:48:32.0388 5096  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:48:32.0418 5096  FontCache3.0.0.0 - ok
20:48:32.0448 5096  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:48:32.0458 5096  FsDepends - ok
20:48:32.0528 5096  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:48:32.0568 5096  fssfltr - ok
20:48:32.0708 5096  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:48:32.0748 5096  fsssvc - ok
20:48:32.0788 5096  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:48:32.0818 5096  Fs_Rec - ok
20:48:32.0868 5096  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:48:32.0908 5096  fvevol - ok
20:48:32.0948 5096  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:48:32.0968 5096  gagp30kx - ok
20:48:33.0068 5096  [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:48:33.0108 5096  GameConsoleService - ok
20:48:33.0148 5096  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:48:33.0168 5096  GEARAspiWDM - ok
20:48:33.0228 5096  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:48:33.0298 5096  gpsvc - ok
20:48:33.0428 5096  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:33.0448 5096  gupdate - ok
20:48:33.0468 5096  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:33.0478 5096  gupdatem - ok
20:48:33.0508 5096  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:48:33.0568 5096  hcw85cir - ok
20:48:33.0618 5096  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:48:33.0678 5096  HdAudAddService - ok
20:48:33.0718 5096  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:48:33.0748 5096  HDAudBus - ok
20:48:33.0788 5096  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:48:33.0838 5096  HidBatt - ok
20:48:33.0858 5096  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:48:33.0888 5096  HidBth - ok
20:48:33.0918 5096  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:48:33.0958 5096  HidIr - ok
20:48:33.0988 5096  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:48:34.0058 5096  hidserv - ok
20:48:34.0118 5096  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:48:34.0138 5096  HidUsb - ok
20:48:34.0178 5096  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:48:34.0278 5096  hkmsvc - ok
20:48:34.0318 5096  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:48:34.0388 5096  HomeGroupListener - ok
20:48:34.0428 5096  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:48:34.0458 5096  HomeGroupProvider - ok
20:48:34.0538 5096  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:48:34.0548 5096  HpSAMD - ok
20:48:34.0608 5096  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:48:34.0668 5096  HTTP - ok
20:48:34.0738 5096  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:48:34.0778 5096  hwdatacard - ok
20:48:34.0818 5096  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:48:34.0838 5096  hwpolicy - ok
20:48:34.0888 5096  [ 230C041AF8DF1D2308C3AC5146E3FF4F ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
20:48:34.0928 5096  hwusbdev - ok
20:48:34.0988 5096  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:48:35.0018 5096  i8042prt - ok
20:48:35.0058 5096  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:48:35.0078 5096  iaStor - ok
20:48:35.0118 5096  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:48:35.0148 5096  iaStorV - ok
20:48:35.0218 5096  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:48:35.0258 5096  idsvc - ok
20:48:35.0449 5096  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:48:35.0689 5096  igfx - ok
20:48:35.0729 5096  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:48:35.0759 5096  iirsp - ok
20:48:35.0809 5096  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:48:35.0879 5096  IKEEXT - ok
20:48:35.0999 5096  [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:48:36.0069 5096  IntcAzAudAddService - ok
20:48:36.0099 5096  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:48:36.0109 5096  intelide - ok
20:48:36.0159 5096  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:48:36.0209 5096  intelppm - ok
20:48:36.0239 5096  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:48:36.0289 5096  IPBusEnum - ok
20:48:36.0339 5096  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:48:36.0389 5096  IpFilterDriver - ok
20:48:36.0429 5096  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:48:36.0469 5096  iphlpsvc - ok
20:48:36.0499 5096  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:48:36.0539 5096  IPMIDRV - ok
20:48:36.0579 5096  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:48:36.0629 5096  IPNAT - ok
20:48:36.0759 5096  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:48:36.0789 5096  iPod Service - ok
20:48:36.0809 5096  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:48:36.0839 5096  IRENUM - ok
20:48:36.0859 5096  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:48:36.0869 5096  isapnp - ok
20:48:36.0919 5096  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:48:36.0939 5096  iScsiPrt - ok
20:48:36.0949 5096  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:48:36.0969 5096  kbdclass - ok
20:48:36.0999 5096  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:48:37.0019 5096  kbdhid - ok
20:48:37.0029 5096  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:48:37.0049 5096  KeyIso - ok
20:48:37.0089 5096  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:48:37.0109 5096  KSecDD - ok
20:48:37.0149 5096  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:48:37.0169 5096  KSecPkg - ok
20:48:37.0199 5096  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:48:37.0259 5096  ksthunk - ok
20:48:37.0299 5096  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:48:37.0369 5096  KtmRm - ok
20:48:37.0409 5096  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:48:37.0489 5096  LanmanServer - ok
20:48:37.0519 5096  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:48:37.0579 5096  LanmanWorkstation - ok
20:48:37.0629 5096  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:48:37.0699 5096  lltdio - ok
20:48:37.0739 5096  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:48:37.0819 5096  lltdsvc - ok
20:48:37.0839 5096  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:48:37.0879 5096  lmhosts - ok
20:48:37.0909 5096  [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
20:48:37.0919 5096  LPCFilter - ok
20:48:37.0949 5096  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:48:37.0959 5096  LSI_FC - ok
20:48:37.0979 5096  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:48:37.0989 5096  LSI_SAS - ok
20:48:38.0009 5096  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:48:38.0019 5096  LSI_SAS2 - ok
20:48:38.0049 5096  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:48:38.0069 5096  LSI_SCSI - ok
20:48:38.0109 5096  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:48:38.0179 5096  luafv - ok
20:48:38.0189 5096  massfilter - ok
20:48:38.0219 5096  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:48:38.0249 5096  Mcx2Svc - ok
20:48:38.0279 5096  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:48:38.0289 5096  megasas - ok
20:48:38.0329 5096  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:48:38.0349 5096  MegaSR - ok
20:48:38.0389 5096  [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
20:48:38.0399 5096  mfeavfk - ok
20:48:38.0419 5096  [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
20:48:38.0429 5096  mfehidk - ok
20:48:38.0469 5096  [ 624D717B11E5004F68442B5740F17F21 ] mferkdk         C:\Windows\system32\drivers\mferkdk.sys
20:48:38.0479 5096  mferkdk - ok
20:48:38.0489 5096  [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk         C:\Windows\system32\drivers\mfesmfk.sys
20:48:38.0499 5096  mfesmfk - ok
20:48:38.0599 5096  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:48:38.0639 5096  Microsoft Office Groove Audit Service - ok
20:48:38.0669 5096  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:48:38.0769 5096  MMCSS - ok
20:48:38.0809 5096  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:48:38.0899 5096  Modem - ok
20:48:38.0949 5096  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:48:39.0009 5096  monitor - ok
20:48:39.0069 5096  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:48:39.0109 5096  mouclass - ok
20:48:39.0149 5096  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:48:39.0199 5096  mouhid - ok
20:48:39.0249 5096  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:48:39.0279 5096  mountmgr - ok
20:48:39.0339 5096  [ D0431544D07A817C0959C73228A62AB0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:48:39.0349 5096  MozillaMaintenance - ok
20:48:39.0379 5096  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:48:39.0419 5096  mpio - ok
20:48:39.0449 5096  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:48:39.0489 5096  mpsdrv - ok
20:48:39.0549 5096  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:48:39.0609 5096  MpsSvc - ok
20:48:39.0659 5096  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:48:39.0699 5096  MRxDAV - ok
20:48:39.0739 5096  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:48:39.0779 5096  mrxsmb - ok
20:48:39.0819 5096  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:48:39.0849 5096  mrxsmb10 - ok
20:48:39.0889 5096  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:48:39.0919 5096  mrxsmb20 - ok
20:48:39.0959 5096  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:48:39.0999 5096  msahci - ok
20:48:40.0029 5096  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:48:40.0049 5096  msdsm - ok
20:48:40.0079 5096  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:48:40.0109 5096  MSDTC - ok
20:48:40.0159 5096  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:48:40.0199 5096  Msfs - ok
20:48:40.0209 5096  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:48:40.0269 5096  mshidkmdf - ok
20:48:40.0299 5096  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:48:40.0319 5096  msisadrv - ok
20:48:40.0369 5096  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:48:40.0420 5096  MSiSCSI - ok
20:48:40.0420 5096  msiserver - ok
20:48:40.0470 5096  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:48:40.0550 5096  MSKSSRV - ok
20:48:40.0580 5096  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:48:40.0640 5096  MSPCLOCK - ok
20:48:40.0660 5096  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:48:40.0720 5096  MSPQM - ok
20:48:40.0770 5096  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:48:40.0810 5096  MsRPC - ok
20:48:40.0850 5096  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:48:40.0860 5096  mssmbios - ok
20:48:40.0900 5096  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:48:40.0980 5096  MSTEE - ok
20:48:40.0990 5096  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:48:41.0010 5096  MTConfig - ok
20:48:41.0030 5096  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:48:41.0040 5096  Mup - ok
20:48:41.0090 5096  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:48:41.0180 5096  napagent - ok
20:48:41.0240 5096  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:48:41.0290 5096  NativeWifiP - ok
20:48:41.0350 5096  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:48:41.0390 5096  NDIS - ok
20:48:41.0430 5096  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:48:41.0520 5096  NdisCap - ok
20:48:41.0540 5096  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:48:41.0590 5096  NdisTapi - ok
20:48:41.0620 5096  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:48:41.0700 5096  Ndisuio - ok
20:48:41.0730 5096  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:48:41.0790 5096  NdisWan - ok
20:48:41.0830 5096  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:48:41.0890 5096  NDProxy - ok
20:48:41.0930 5096  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:48:42.0000 5096  NetBIOS - ok
20:48:42.0040 5096  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:48:42.0090 5096  NetBT - ok
20:48:42.0110 5096  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:48:42.0130 5096  Netlogon - ok
20:48:42.0170 5096  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:48:42.0260 5096  Netman - ok
20:48:42.0310 5096  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0350 5096  NetMsmqActivator - ok
20:48:42.0360 5096  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0370 5096  NetPipeActivator - ok
20:48:42.0400 5096  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:48:42.0460 5096  netprofm - ok
20:48:42.0540 5096  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
20:48:42.0580 5096  netr7364 - ok
20:48:42.0610 5096  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0630 5096  NetTcpActivator - ok
20:48:42.0630 5096  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0650 5096  NetTcpPortSharing - ok
20:48:42.0690 5096  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:48:42.0710 5096  nfrd960 - ok
20:48:42.0770 5096  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:48:42.0800 5096  NlaSvc - ok
20:48:42.0840 5096  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
20:48:42.0880 5096  nmwcd - ok
20:48:42.0930 5096  [ 31C1FAC4AE14FB2F8771C59BA3F90BAD ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
20:48:43.0020 5096  nmwcdc - ok
20:48:43.0080 5096  [ 9573223E205907247AE6D948E3453770 ] nmwcdnsux64     C:\Windows\system32\drivers\nmwcdnsux64.sys
20:48:43.0130 5096  nmwcdnsux64 - ok
20:48:43.0160 5096  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:48:43.0200 5096  Npfs - ok
20:48:43.0240 5096  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:48:43.0290 5096  nsi - ok
20:48:43.0310 5096  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:48:43.0360 5096  nsiproxy - ok
20:48:43.0440 5096  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:48:43.0490 5096  Ntfs - ok
20:48:43.0520 5096  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:48:43.0570 5096  Null - ok
20:48:43.0620 5096  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:48:43.0640 5096  nvraid - ok
20:48:43.0660 5096  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:48:43.0680 5096  nvstor - ok
20:48:43.0730 5096  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:48:43.0750 5096  nv_agp - ok
20:48:43.0880 5096  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:48:43.0900 5096  odserv - ok
20:48:43.0930 5096  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:48:43.0960 5096  ohci1394 - ok
20:48:44.0030 5096  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:44.0040 5096  ose - ok
20:48:44.0080 5096  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:48:44.0120 5096  p2pimsvc - ok
20:48:44.0150 5096  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:48:44.0170 5096  p2psvc - ok
20:48:44.0210 5096  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:48:44.0220 5096  Parport - ok
20:48:44.0270 5096  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:48:44.0280 5096  partmgr - ok
20:48:44.0320 5096  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:48:44.0350 5096  PcaSvc - ok
20:48:44.0400 5096  pccsmcfd - ok
20:48:44.0440 5096  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:48:44.0460 5096  pci - ok
20:48:44.0480 5096  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:48:44.0500 5096  pciide - ok
20:48:44.0530 5096  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:48:44.0550 5096  pcmcia - ok
20:48:44.0570 5096  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:48:44.0580 5096  pcw - ok
20:48:44.0610 5096  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:48:44.0680 5096  PEAUTH - ok
20:48:44.0750 5096  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:48:44.0790 5096  PerfHost - ok
20:48:44.0850 5096  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
20:48:44.0870 5096  PGEffect - ok
20:48:44.0950 5096  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:48:45.0040 5096  pla - ok
20:48:45.0100 5096  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:48:45.0140 5096  PlugPlay - ok
20:48:45.0170 5096  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:48:45.0210 5096  PNRPAutoReg - ok
20:48:45.0240 5096  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:48:45.0260 5096  PNRPsvc - ok
20:48:45.0310 5096  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:48:45.0370 5096  PolicyAgent - ok
20:48:45.0410 5096  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:48:45.0470 5096  Power - ok
20:48:45.0530 5096  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:48:45.0620 5096  PptpMiniport - ok
20:48:45.0650 5096  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:48:45.0690 5096  Processor - ok
20:48:45.0730 5096  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:48:45.0780 5096  ProfSvc - ok
20:48:45.0790 5096  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:45.0810 5096  ProtectedStorage - ok
20:48:45.0850 5096  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:48:45.0900 5096  Psched - ok
20:48:45.0950 5096  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:48:45.0990 5096  ql2300 - ok
20:48:46.0030 5096  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:48:46.0040 5096  ql40xx - ok
20:48:46.0080 5096  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:48:46.0130 5096  QWAVE - ok
20:48:46.0140 5096  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:48:46.0160 5096  QWAVEdrv - ok
20:48:46.0190 5096  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:48:46.0270 5096  RasAcd - ok
20:48:46.0330 5096  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:48:46.0380 5096  RasAgileVpn - ok
20:48:46.0410 5096  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:48:46.0480 5096  RasAuto - ok
20:48:46.0530 5096  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:46.0590 5096  Rasl2tp - ok
20:48:46.0640 5096  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:48:46.0750 5096  RasMan - ok
20:48:46.0790 5096  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:46.0840 5096  RasPppoe - ok
20:48:46.0870 5096  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:48:46.0920 5096  RasSstp - ok
20:48:46.0960 5096  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:48:47.0020 5096  rdbss - ok
20:48:47.0050 5096  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:48:47.0090 5096  rdpbus - ok
20:48:47.0110 5096  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:47.0160 5096  RDPCDD - ok
20:48:47.0190 5096  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:48:47.0240 5096  RDPENCDD - ok
20:48:47.0250 5096  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:48:47.0290 5096  RDPREFMP - ok
20:48:47.0330 5096  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:48:47.0400 5096  RDPWD - ok
20:48:47.0441 5096  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:48:47.0461 5096  rdyboost - ok
20:48:47.0491 5096  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:48:47.0561 5096  RemoteAccess - ok
20:48:47.0592 5096  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:48:47.0642 5096  RemoteRegistry - ok
20:48:47.0662 5096  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:48:47.0722 5096  RpcEptMapper - ok
20:48:47.0752 5096  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:48:47.0782 5096  RpcLocator - ok
20:48:47.0832 5096  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:48:47.0902 5096  RpcSs - ok
20:48:47.0952 5096  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:48:48.0032 5096  rspndr - ok
20:48:48.0092 5096  [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
20:48:48.0162 5096  RSUSBSTOR - ok
20:48:48.0212 5096  [ 483C537E69FA97C77F7FE0E2E1C1F102 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
20:48:48.0242 5096  RTHDMIAzAudService - ok
20:48:48.0302 5096  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:48:48.0342 5096  RTL8167 - ok
20:48:48.0422 5096  [ A9EDE191B5478D18F0A1BFF3B822F7A5 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
20:48:48.0482 5096  rtl8192se - ok
20:48:48.0502 5096  RtsUIR - ok
20:48:48.0522 5096  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:48:48.0542 5096  SamSs - ok
20:48:48.0582 5096  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:48:48.0602 5096  sbp2port - ok
20:48:48.0632 5096  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:48:48.0692 5096  SCardSvr - ok
20:48:48.0722 5096  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:48:48.0772 5096  scfilter - ok
20:48:48.0822 5096  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:48:48.0892 5096  Schedule - ok
20:48:48.0932 5096  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:48:48.0972 5096  SCPolicySvc - ok
20:48:49.0002 5096  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:48:49.0052 5096  SDRSVC - ok
20:48:49.0092 5096  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:48:49.0152 5096  secdrv - ok
20:48:49.0192 5096  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:48:49.0252 5096  seclogon - ok
20:48:49.0282 5096  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:48:49.0332 5096  SENS - ok
20:48:49.0372 5096  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:48:49.0402 5096  SensrSvc - ok
20:48:49.0432 5096  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:48:49.0442 5096  Serenum - ok
20:48:49.0472 5096  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:48:49.0502 5096  Serial - ok
20:48:49.0532 5096  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:48:49.0542 5096  sermouse - ok
20:48:49.0582 5096  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:48:49.0662 5096  SessionEnv - ok
20:48:49.0692 5096  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:48:49.0722 5096  sffdisk - ok
20:48:49.0732 5096  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:48:49.0752 5096  sffp_mmc - ok
20:48:49.0772 5096  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:48:49.0792 5096  sffp_sd - ok
20:48:49.0842 5096  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:48:49.0882 5096  sfloppy - ok
20:48:49.0932 5096  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:48:50.0012 5096  SharedAccess - ok
20:48:50.0052 5096  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:50.0112 5096  ShellHWDetection - ok
20:48:50.0132 5096  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:48:50.0142 5096  SiSRaid2 - ok
20:48:50.0182 5096  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:48:50.0192 5096  SiSRaid4 - ok
20:48:50.0242 5096  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:48:50.0252 5096  SkypeUpdate - ok
20:48:50.0272 5096  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:48:50.0362 5096  Smb - ok
20:48:50.0402 5096  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:48:50.0432 5096  SNMPTRAP - ok
20:48:50.0462 5096  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:48:50.0472 5096  spldr - ok
20:48:50.0522 5096  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:48:50.0602 5096  Spooler - ok
20:48:50.0732 5096  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:48:50.0932 5096  sppsvc - ok
20:48:50.0962 5096  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:48:51.0012 5096  sppuinotify - ok
20:48:51.0092 5096  [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd            C:\Windows\system32\Drivers\sptd.sys
20:48:51.0092 5096  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
20:48:51.0092 5096  sptd ( LockedFile.Multi.Generic ) - warning
20:48:51.0092 5096  sptd - detected LockedFile.Multi.Generic (1)
20:48:51.0152 5096  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:48:51.0192 5096  srv - ok
20:48:51.0222 5096  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:48:51.0252 5096  srv2 - ok
20:48:51.0292 5096  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:48:51.0332 5096  srvnet - ok
20:48:51.0372 5096  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:48:51.0452 5096  SSDPSRV - ok
20:48:51.0472 5096  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:48:51.0512 5096  SstpSvc - ok
20:48:51.0642 5096  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
20:48:51.0662 5096  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
20:48:51.0662 5096  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
20:48:51.0682 5096  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:48:51.0702 5096  stexstor - ok
20:48:51.0762 5096  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:48:51.0802 5096  stisvc - ok
20:48:51.0852 5096  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:48:51.0872 5096  swenum - ok
20:48:51.0912 5096  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:48:51.0972 5096  swprv - ok
20:48:52.0032 5096  [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:48:52.0042 5096  SynTP - ok
20:48:52.0132 5096  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:48:52.0202 5096  SysMain - ok
20:48:52.0242 5096  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:52.0302 5096  TabletInputService - ok
20:48:52.0332 5096  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:48:52.0382 5096  TapiSrv - ok
20:48:52.0402 5096  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:48:52.0452 5096  TBS - ok
20:48:52.0552 5096  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:48:52.0612 5096  Tcpip - ok
20:48:52.0682 5096  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:48:52.0742 5096  TCPIP6 - ok
20:48:52.0782 5096  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:48:52.0802 5096  tcpipreg - ok
20:48:52.0862 5096  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:48:52.0892 5096  tdcmdpst - ok
20:48:52.0932 5096  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:48:52.0982 5096  TDPIPE - ok
20:48:53.0022 5096  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:48:53.0072 5096  TDTCP - ok
20:48:53.0122 5096  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:48:53.0212 5096  tdx - ok
20:48:53.0342 5096  [ 960C1194DC43744C4851995F7DAF0552 ] TeamViewer5     C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
20:48:53.0382 5096  TeamViewer5 - ok
20:48:53.0462 5096  [ 63B4F544664DC5154FDA4213E2AF09D0 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
20:48:53.0492 5096  TemproMonitoringService - ok
20:48:53.0512 5096  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:48:53.0532 5096  TermDD - ok
20:48:53.0582 5096  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:48:53.0662 5096  TermService - ok
20:48:53.0692 5096  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:48:53.0732 5096  Themes - ok
20:48:53.0762 5096  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:48:53.0812 5096  THREADORDER - ok
20:48:53.0882 5096  [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:48:53.0912 5096  TMachInfo - ok
20:48:53.0942 5096  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
20:48:53.0972 5096  TODDSrv - ok
20:48:54.0062 5096  [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:48:54.0092 5096  TosCoSrv - ok
20:48:54.0172 5096  [ AB2D61A032A01BF9E84F03CAA9D22932 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:48:54.0202 5096  TOSHIBA Bluetooth Service - ok
20:48:54.0272 5096  [ 707800855AFBD7648375EFB1519B8D6D ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:48:54.0292 5096  TOSHIBA eco Utility Service - ok
20:48:54.0352 5096  [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:48:54.0372 5096  TOSHIBA HDD SSD Alert Service - ok
20:48:54.0412 5096  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
20:48:54.0442 5096  tosporte - ok
20:48:54.0462 5096  [ 71BB669BFCADE1580FDCE010ABC76310 ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
20:48:54.0472 5096  tosrfbd - ok
20:48:54.0492 5096  [ 62512B5277D88600F8BD4B7AEC43569D ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
20:48:54.0502 5096  tosrfbnp - ok
20:48:54.0512 5096  [ C523A9186C39D65CC9ADEBB2E1B93CCD ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
20:48:54.0522 5096  Tosrfcom - ok
20:48:54.0572 5096  [ 11699D47B3491D86249C168496D55C92 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
20:48:54.0592 5096  tosrfec - ok
20:48:54.0642 5096  [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
20:48:54.0672 5096  Tosrfhid - ok
20:48:54.0692 5096  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
20:48:54.0702 5096  tosrfnds - ok
20:48:54.0722 5096  [ E1E045240C1184FA6628F3C7E7FF85D8 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
20:48:54.0732 5096  TosRfSnd - ok
20:48:54.0782 5096  [ DA7AA562448E29CA895895920BFF8946 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
20:48:54.0802 5096  Tosrfusb - ok
20:48:54.0852 5096  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\Windows\system32\DRIVERS\tos_sps64.sys
20:48:54.0902 5096  tos_sps64 - ok
20:48:54.0972 5096  [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:48:55.0002 5096  TPCHSrv - ok
20:48:55.0042 5096  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:48:55.0102 5096  TrkWks - ok
20:48:55.0172 5096  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:55.0252 5096  TrustedInstaller - ok
20:48:55.0292 5096  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:55.0342 5096  tssecsrv - ok
20:48:55.0402 5096  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:48:55.0462 5096  TsUsbFlt - ok
20:48:55.0502 5096  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:48:55.0562 5096  tunnel - ok
20:48:55.0612 5096  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:48:55.0622 5096  TVALZ - ok
20:48:55.0652 5096  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
20:48:55.0662 5096  TVALZFL - ok
20:48:55.0692 5096  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:48:55.0712 5096  uagp35 - ok
20:48:55.0752 5096  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:48:55.0812 5096  udfs - ok
20:48:55.0852 5096  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:48:55.0892 5096  UI0Detect - ok
20:48:55.0922 5096  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:48:55.0942 5096  uliagpkx - ok
20:48:56.0002 5096  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:48:56.0042 5096  umbus - ok
20:48:56.0072 5096  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:48:56.0082 5096  UmPass - ok
20:48:56.0132 5096  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:48:56.0192 5096  upnphost - ok
20:48:56.0252 5096  [ FBD861E69E1F583BEC906FCD04E4F84E ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:48:56.0322 5096  upperdev - ok
20:48:56.0362 5096  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:48:56.0402 5096  USBAAPL64 - ok
20:48:56.0443 5096  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:56.0473 5096  usbccgp - ok
20:48:56.0483 5096  USBCCID - ok
20:48:56.0523 5096  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:48:56.0563 5096  usbcir - ok
20:48:56.0603 5096  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:48:56.0643 5096  usbehci - ok
20:48:56.0673 5096  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:48:56.0713 5096  usbhub - ok
20:48:56.0743 5096  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:48:56.0793 5096  usbohci - ok
20:48:56.0823 5096  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:48:56.0883 5096  usbprint - ok
20:48:56.0913 5096  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:48:56.0943 5096  usbscan - ok
20:48:56.0993 5096  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
20:48:57.0063 5096  usbser - ok
20:48:57.0093 5096  [ 0FBB0080B287BBCBF5C7076E3D74A35C ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:48:57.0133 5096  UsbserFilt - ok
20:48:57.0163 5096  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:57.0213 5096  USBSTOR - ok
20:48:57.0243 5096  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:48:57.0283 5096  usbuhci - ok
20:48:57.0343 5096  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:48:57.0383 5096  usbvideo - ok
20:48:57.0403 5096  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:48:57.0453 5096  UxSms - ok
20:48:57.0473 5096  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:48:57.0483 5096  VaultSvc - ok
20:48:57.0543 5096  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:48:57.0573 5096  vdrvroot - ok
20:48:57.0623 5096  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:48:57.0703 5096  vds - ok
20:48:57.0733 5096  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:57.0753 5096  vga - ok
20:48:57.0763 5096  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:48:57.0813 5096  VgaSave - ok
20:48:57.0853 5096  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:48:57.0873 5096  vhdmp - ok
20:48:57.0883 5096  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:48:57.0903 5096  viaide - ok
20:48:57.0913 5096  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:48:57.0933 5096  volmgr - ok
20:48:57.0963 5096  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:48:57.0983 5096  volmgrx - ok
20:48:58.0003 5096  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:48:58.0023 5096  volsnap - ok
20:48:58.0103 5096  [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
20:48:58.0133 5096  vpnagent - ok
20:48:58.0183 5096  [ 0E4DF91E83DA5739FFB18535D4DB10AA ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
20:48:58.0203 5096  vpnva - ok
20:48:58.0253 5096  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:48:58.0273 5096  vsmraid - ok
20:48:58.0413 5096  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:48:58.0483 5096  VSS - ok
20:48:58.0523 5096  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:48:58.0543 5096  vwifibus - ok
20:48:58.0573 5096  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:48:58.0623 5096  vwififlt - ok
20:48:58.0663 5096  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:48:58.0713 5096  vwifimp - ok
20:48:58.0773 5096  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:48:58.0833 5096  W32Time - ok
20:48:58.0863 5096  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:48:58.0883 5096  WacomPen - ok
20:48:58.0983 5096  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:48:59.0053 5096  WANARP - ok
20:48:59.0063 5096  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:48:59.0093 5096  Wanarpv6 - ok
20:48:59.0203 5096  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:59.0253 5096  WatAdminSvc - ok
20:48:59.0333 5096  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:48:59.0373 5096  wbengine - ok
20:48:59.0413 5096  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:48:59.0433 5096  WbioSrvc - ok
20:48:59.0483 5096  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:48:59.0503 5096  wcncsvc - ok
20:48:59.0513 5096  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:59.0543 5096  WcsPlugInService - ok
20:48:59.0563 5096  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:48:59.0573 5096  Wd - ok
20:48:59.0633 5096  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:48:59.0673 5096  Wdf01000 - ok
20:48:59.0683 5096  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:48:59.0793 5096  WdiServiceHost - ok
20:48:59.0803 5096  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:48:59.0823 5096  WdiSystemHost - ok
20:48:59.0863 5096  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:48:59.0903 5096  WebClient - ok
20:48:59.0933 5096  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:48:59.0993 5096  Wecsvc - ok
20:49:00.0023 5096  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:49:00.0063 5096  wercplsupport - ok
20:49:00.0103 5096  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:49:00.0153 5096  WerSvc - ok
20:49:00.0193 5096  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:49:00.0233 5096  WfpLwf - ok
20:49:00.0253 5096  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:49:00.0263 5096  WIMMount - ok
20:49:00.0273 5096  WinDefend - ok
20:49:00.0283 5096  WinHttpAutoProxySvc - ok
20:49:00.0343 5096  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:49:00.0413 5096  Winmgmt - ok
20:49:00.0513 5096  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:49:00.0603 5096  WinRM - ok
20:49:00.0663 5096  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:49:00.0723 5096  WinUsb - ok
20:49:00.0763 5096  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:49:00.0823 5096  Wlansvc - ok
20:49:00.0873 5096  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:49:00.0903 5096  wlcrasvc - ok
20:49:01.0033 5096  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:49:01.0083 5096  wlidsvc - ok
20:49:01.0123 5096  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:49:01.0173 5096  WmiAcpi - ok
20:49:01.0203 5096  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:49:01.0233 5096  wmiApSrv - ok
20:49:01.0283 5096  WMPNetworkSvc - ok
20:49:01.0303 5096  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:49:01.0323 5096  WPCSvc - ok
20:49:01.0363 5096  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:49:01.0403 5096  WPDBusEnum - ok
20:49:01.0423 5096  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:49:01.0484 5096  ws2ifsl - ok
20:49:01.0524 5096  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:49:01.0564 5096  wscsvc - ok
20:49:01.0574 5096  WSearch - ok
20:49:01.0674 5096  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:49:01.0764 5096  wuauserv - ok
20:49:01.0794 5096  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:49:01.0824 5096  WudfPf - ok
20:49:01.0864 5096  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:49:01.0894 5096  WUDFRd - ok
20:49:01.0934 5096  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:49:01.0964 5096  wudfsvc - ok
20:49:01.0994 5096  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:49:02.0054 5096  WwanSvc - ok
20:49:02.0124 5096  ================ Scan global ===============================
20:49:02.0154 5096  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:49:02.0194 5096  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:49:02.0204 5096  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:49:02.0234 5096  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:49:02.0264 5096  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:49:02.0274 5096  [Global] - ok
20:49:02.0274 5096  ================ Scan MBR ==================================
20:49:02.0284 5096  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:49:03.0274 5096  \Device\Harddisk0\DR0 - ok
20:49:03.0284 5096  ================ Scan VBR ==================================
20:49:03.0314 5096  [ 96168BF4158CF948CAED85769E36259A ] \Device\Harddisk0\DR0\Partition1
20:49:03.0314 5096  \Device\Harddisk0\DR0\Partition1 - ok
20:49:03.0344 5096  [ FAD7D6E3CA08692AFFAF65FAB5AE13EF ] \Device\Harddisk0\DR0\Partition2
20:49:03.0344 5096  \Device\Harddisk0\DR0\Partition2 - ok
20:49:03.0354 5096  ============================================================
20:49:03.0354 5096  Scan finished
20:49:03.0354 5096  ============================================================
20:49:03.0374 3600  Detected object count: 2
20:49:03.0374 3600  Actual detected object count: 2
20:49:14.0745 3600  sptd ( LockedFile.Multi.Generic ) - skipped by user
20:49:14.0745 3600  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
20:49:14.0755 3600  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:14.0755 3600  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

30.12.2012, 19:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

30.12.2012, 20:10   #9
ado_87
 

OK, that's done as well.

ComboFix Log:
Code:
ATTFilter
ComboFix 12-12-30.01 - Admir 30.12.2012  20:58:53.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4061.2469 [GMT 1:00]
ausgeführt von:: c:\users\Admir\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\A1
c:\program files (x86)\A1\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
c:\program files (x86)\A1\A1 Breitband\A1Breitband.chm
c:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
c:\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe
c:\program files (x86)\A1\A1 Breitband\inifiles.dat
c:\program files (x86)\A1\A1 Breitband\ipworks6.dll
c:\program files (x86)\A1\A1 Diagnose\A1CMDTool.exe
c:\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe
c:\program files (x86)\A1\A1 Diagnose\A1Mailboxen.exe
c:\program files (x86)\A1\A1 Diagnose\A1Modemkonfigurator.exe
c:\program files (x86)\A1\A1 Diagnose\A1WLANAssistent.exe
c:\program files (x86)\A1\A1 Diagnose\inifiles.dat
c:\program files (x86)\A1\A1 Diagnose\ipworks6.dll
c:\program files (x86)\A1\A1 Diagnose\KCO.exe
c:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.chm
c:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.exe
c:\program files (x86)\A1\A1 Modemwechsel\inifiles.dat
c:\program files (x86)\A1\A1 Modemwechsel\ipworks6.dll
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
c:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
c:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_black.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_green.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_up_green.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq_open.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonLeft.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonRight.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\cd_intro.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_info.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_bl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_br.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tr.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\intro.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back_black.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_black.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_next.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_prev.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
c:\program files (x86)\A1\A1 Servicecenter\Content\index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\manuals.html
c:\program files (x86)\A1\A1 Servicecenter\Content\software.html
c:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
c:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
c:\program files (x86)\A1\A1 Servicecenter\libcef.dll
c:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
c:\program files (x86)\A1\A1 Servicecenter\Start.exe
c:\program files (x86)\A1\A1 Servicecenter\Start.ini
c:\program files (x86)\A1\A1 Update\M2Updater.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-30  ))))))))))))))))))))))))))))))
.
.
2012-12-30 20:07 . 2012-12-30 20:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-30 17:00 . 2012-12-30 17:00	--------	d-----w-	c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-30 15:14 . 2012-12-30 15:14	--------	d-----w-	C:\_OTL
2012-12-30 12:53 . 2012-12-30 12:53	--------	d-----w-	c:\program files\Enigma Software Group
2012-12-30 12:38 . 2012-12-30 12:38	2890	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-27 17:05 . 2012-12-27 17:05	--------	d-----w-	c:\program files (x86)\Deluxe Ski Jump 4
2012-12-27 17:05 . 2012-12-27 17:05	--------	d-----w-	c:\users\Admir\AppData\Local\Programs
2012-12-24 14:47 . 2012-12-24 14:47	--------	d-----w-	c:\program files (x86)\Deluxe Ski Jump 3
2012-12-22 01:12 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 01:12 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 01:12 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 01:12 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 10:41 . 2012-12-20 10:41	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-20 10:41 . 2012-12-20 10:41	--------	d-----w-	c:\program files\iTunes
2012-12-20 10:41 . 2012-12-20 10:41	--------	d-----w-	c:\program files (x86)\iTunes
2012-12-20 10:41 . 2012-12-20 10:41	--------	d-----w-	c:\program files\iPod
2012-12-13 21:26 . 2012-12-13 21:26	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-13 21:26 . 2012-12-13 21:26	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-13 21:26 . 2012-12-13 21:26	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-13 21:26 . 2012-12-13 21:26	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 20:11 . 2012-11-14 07:06	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-12-12 20:11 . 2012-11-14 06:32	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-12-12 20:06 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 20:06 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2010-11-14 10:17	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-12 20:16 . 2009-12-20 10:46	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 14:54 . 2012-11-03 21:49	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 14:54 . 2012-11-03 21:49	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-26 19:06 . 2012-11-26 19:06	31344	----a-w-	c:\windows\system32\drivers\cnnctfy2.sys
2012-11-20 10:25 . 2012-04-21 09:25	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-20 10:25 . 2011-10-12 20:35	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 15:38	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:38	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:38	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-12 07:19 . 2012-11-02 09:55	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6C620D4-2327-4001-BBA1-CAE8A259B2D0}\mpengine.dll
2012-10-09 18:17 . 2012-11-15 08:53	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 08:53	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 08:53	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 08:53	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 20:05	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 08:53	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 08:53	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 08:53	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 08:53	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 08:53	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 08:53	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 08:53	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 08:53	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 08:53	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 08:53	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 08:53	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-21 83336]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Admir\Desktop\mbar\mbar.exe" [2012-12-04 1342312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-6 2680160]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"=hex(0):45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,\
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-26 503352]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35127024
*NewlyCreated* - ASWMBR
*Deregistered* - 35127024
*Deregistered* - aswMBR
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\
FF - ExtSQL: 2012-12-04 22:01; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - ExtSQL: 2012-12-04 22:01; {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}; c:\program files (x86)\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
FF - ExtSQL: 2012-12-07 12:53; testpilot@labs.mozilla.com; c:\users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\extensions\testpilot@labs.mozilla.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dd,8d,e2,ff,0c,ba,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,cb,bb,54,0e,35,4f,4b,b6,fb,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,cb,bb,54,0e,35,4f,4b,b6,fb,8d,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-30  21:09:38
ComboFix-quarantined-files.txt  2012-12-30 20:09
.
Vor Suchlauf: 14 Verzeichnis(se), 82.608.242.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 82.611.347.456 Bytes frei
.
- - End Of File - - 1E4090D423655B9A1C0D5346B33018E6
         

30.12.2012, 22:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hm, looks like Combofix still doesn't like the A1 program...

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Dequarantine::
C:\Qoobox\Quarantine\c\program files (x86)\A1
Quit::
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of adware/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


30.12.2012, 22:25   #11
ado_87
 
I did that too and restarted the computer because the internet had stopped working.

Here is the log file:

Code:
ATTFilter
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe -> C:\program files (x86)\A1\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\A1Breitband.chm -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\A1Breitband.exe -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\inifiles.dat -> C:\program files (x86)\A1\A1 Breitband\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\ipworks6.dll -> C:\program files (x86)\A1\A1 Breitband\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe -> C:\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1CMDTool.exe -> C:\program files (x86)\A1\A1 Diagnose\A1CMDTool.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe -> C:\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1Mailboxen.exe -> C:\program files (x86)\A1\A1 Diagnose\A1Mailboxen.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1Modemkonfigurator.exe -> C:\program files (x86)\A1\A1 Diagnose\A1Modemkonfigurator.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1WLANAssistent.exe -> C:\program files (x86)\A1\A1 Diagnose\A1WLANAssistent.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\inifiles.dat -> C:\program files (x86)\A1\A1 Diagnose\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\ipworks6.dll -> C:\program files (x86)\A1\A1 Diagnose\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\KCO.exe -> C:\program files (x86)\A1\A1 Diagnose\KCO.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.chm -> C:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.exe -> C:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\inifiles.dat -> C:\program files (x86)\A1\A1 Modemwechsel\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\ipworks6.dll -> C:\program files (x86)\A1\A1 Modemwechsel\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\icudt42.dll -> C:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\libcef.dll -> C:\program files (x86)\A1\A1 Servicecenter\libcef.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\reqdata.cfg -> C:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.exe -> C:\program files (x86)\A1\A1 Servicecenter\Start.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\broadband.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\index.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\manuals.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\manuals.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\software.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\software.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\wlan.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_black.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_black.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_green.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_green.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_up_green.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_up_green.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq_open.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq_open.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonLeft.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonLeft.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonRight.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonRight.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\cd_intro.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\cd_intro.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\icon_info.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_info.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_bl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_bl.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_br.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_br.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_tl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tl.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_tr.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tr.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\intro.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\intro.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back_black.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back_black.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_black.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_black.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_next.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_next.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_prev.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_prev.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Update\M2Updater.exe -> C:\program files (x86)\A1\A1 Update\M2Updater.exe
101 Datei(en) kopiert
         

30.12.2012, 22:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

30.12.2012, 22:40   #13
ado_87
 
adwCleaner search:
Code:
# AdwCleaner v2.104 - Datei am 30/12/2012 um 23:38:39 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admir - ADMIR-TOSHIBA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admir\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\4uyw43bj.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15120 octets] - [30/12/2012 17:49:18]
AdwCleaner[R2].txt - [1059 octets] - [30/12/2012 23:38:39]
AdwCleaner[S1].txt - [14835 octets] - [30/12/2012 17:50:26]

########## EOF - C:\AdwCleaner[R2].txt - [1180 octets] ##########
         

30.12.2012, 22:54   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
Warum Linux besser als Windows ist!

30.12.2012, 23:10   #15
ado_87
 



OTL.txt:
Code:
OTL logfile created on: 30.12.2012 23:56:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admir\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,95% Memory free
7,93 Gb Paging File | 6,06 Gb Available in Paging File | 76,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 80,87 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 58,62 Gb Free Space | 31,53% Space Free | Partition Type: NTFS
 
Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admir\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 D7 23 54 64 A1 CD 01  [binary data]
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{1C143B6F-D94F-4DB1-BECE-72EE4C785825}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deAT358AT358
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{E9969677-A2EF-438A-8B3C-249F8E9676B8}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BB0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11%7D:0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.backup.ftp: ":"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ":"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ":"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.ssl: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M]
 
[2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Extensions
[2012.12.07 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\4uyw43bj.default\extensions
[2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\w89gi4f3.default\extensions
[2012.09.12 19:34:28 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\4uyw43bj.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.12.07 12:53:07 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\w89gi4f3.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.12.30 13:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.30 13:19:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.12.30 13:19:19 | 000,000,000 | ---D | M] (A1 Servicecenter) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2012.12.30 13:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.12.30 13:19:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.13 20:36:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.13 20:36:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.13 20:36:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.13 20:36:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.13 20:36:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.13 20:36:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.12.30 21:07:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O3 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2063069217-60928023-77756203-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490465FE-1230-4D68-93BA-0B2E32E641AE}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2063069217-60928023-77756203-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.30 23:22:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.30 23:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A1
[2012.12.30 23:15:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.12.30 21:09:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.30 20:57:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.30 20:57:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.30 20:57:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.30 20:57:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.30 20:55:55 | 005,015,826 | R--- | C] (Swearware) -- C:\Users\Admir\Desktop\ComboFix.exe
[2012.12.30 20:23:19 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admir\Desktop\tdsskiller.exe
[2012.12.30 20:16:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admir\Desktop\aswMBR.exe
[2012.12.30 19:11:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\Desktop\mbar
[2012.12.30 16:14:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.30 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe
[2012.12.30 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.12.30 13:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.12.30 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.30 12:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7BDBB1C7-E847-446A-B165-4DAFEF139D4E}
[2012.12.29 10:36:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{49C539E5-ADF2-481B-9A1B-3001F8F7487B}
[2012.12.28 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E6A39827-331B-4BDD-BB24-5FA66DCF0AA6}
[2012.12.27 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 4
[2012.12.27 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2012.12.27 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 4
[2012.12.27 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\Programs
[2012.12.27 12:52:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{208D83C4-73C4-4B7B-A12F-2B24C722B768}
[2012.12.27 00:51:52 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{DDB1C3A3-C527-4CA1-81CC-D35384402E85}
[2012.12.26 11:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E13C91EF-7E39-4C99-B9D9-AE3D581808F3}
[2012.12.25 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{FA5E66E0-DF62-44A1-AB06-470F0FD56997}
[2012.12.24 23:12:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3F313C9B-06B4-439F-BEED-E4F6E8C5B689}
[2012.12.24 15:47:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 3
[2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 3
[2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 3
[2012.12.24 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7ADD7824-8E85-48DB-999D-973659544294}
[2012.12.23 13:52:34 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EC67A73E-5EEA-4A25-84BC-1D461D79F0D2}
[2012.12.22 12:06:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B0BB9356-B161-468C-B79D-4E215B581BBD}
[2012.12.22 02:12:29 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 02:12:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 02:12:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 02:12:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 23:10:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{61080790-FEEB-429F-84D9-EE34A08ACDCD}
[2012.12.21 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EA0B8376-761C-4FC0-AFAA-A0F808EA15DD}
[2012.12.20 11:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.20 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D6B14BF-68F2-4B8E-82C2-919345327FD5}
[2012.12.19 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7A914B22-5C1B-4657-BA1B-E683C616163B}
[2012.12.19 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3221DDE6-1EB2-4B6D-87D5-FBAE950B768F}
[2012.12.19 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9E3D4D77-E273-4A87-881F-2E72C5182223}
[2012.12.18 16:32:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{56E01F32-DE16-473D-B814-97DD11C98D72}
[2012.12.18 09:42:15 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5F8195DD-847C-4527-BAEB-12D395ED33AD}
[2012.12.17 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{264C8A50-9910-494B-A517-2E1FD013F6BE}
[2012.12.17 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{D3E0682E-F7B3-4C8E-9DAE-9EDF7DD3EA49}
[2012.12.16 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E768AF08-1424-411B-98BD-6C8BF2A2ED2C}
[2012.12.16 03:43:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{656F2C84-E8D9-4F5A-A62B-1D3F7A59FB42}
[2012.12.15 10:39:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B1705902-70DC-4EC9-98BA-987426AAD075}
[2012.12.14 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{BA29D809-6C70-4A69-91CD-75766F9F2993}
[2012.12.14 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{F3B4D7BA-BEA3-4E98-AB0F-EB5EA934D29D}
[2012.12.13 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{908734CC-B149-40DA-A241-313A9A541C88}
[2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.13 22:26:32 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.13 22:26:32 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.13 22:26:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.13 22:26:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.13 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{58A9B2DC-7221-4CC7-8BE9-0470C1D97AFA}
[2012.12.12 21:12:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 21:12:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 21:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 21:12:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 21:12:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 21:12:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 21:12:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 21:12:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 21:12:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 21:12:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 21:12:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 21:12:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 21:12:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 21:12:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 21:12:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 21:05:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 21:05:47 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 21:05:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 21:05:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 21:05:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 21:05:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 21:05:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 21:05:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 21:05:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 21:05:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 21:05:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 21:05:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 21:05:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 21:05:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 21:05:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 21:05:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 21:05:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 21:05:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 21:05:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5675FF6B-9D58-4143-A069-95203084F4F0}
[2012.12.11 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{541FF0F3-8C2E-430A-9255-E0D1ACD4565C}
[2012.12.11 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{13824635-8209-49A6-9B77-CF6978898F68}
[2012.12.10 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9781312E-8284-44FC-A738-26599D3FD15F}
[2012.12.09 23:17:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{95BDA647-E2C8-469C-90B0-C92651A9A405}
[2012.12.09 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{51510419-3176-4E40-BD4A-977DFF35EBD3}
[2012.12.08 23:17:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\Desktop\Nedo U-Kurs
[2012.12.08 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Neuer Ordner
[2012.12.08 14:21:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EF6CF001-063E-4D1C-8EEF-EF65534325FF}
[2012.12.07 11:21:08 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{463CD27D-8623-4945-8611-5E2A19E2BD36}
[2012.12.06 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{733E2568-803E-45F4-890E-6A329EF6C70E}
[2012.12.06 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{CABACB64-4EFF-4CD6-A603-DCE4999FE38F}
[2012.12.05 01:34:31 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D812F67-986B-448D-B71F-43E0BF68D66A}
[2012.12.04 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{8AEEFCE0-73C7-4407-B16F-56024ED17F52}
[2012.12.03 22:41:17 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82D8C90B-5AD7-4A1E-87E3-6C380FA70F7F}
[2012.12.03 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82A03ED8-72E3-4D91-BBAF-943499AEB1CB}
[2012.12.01 14:55:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{1A40812A-60B0-4F1B-B2E2-CB28C1414145}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 23:38:13 | 000,551,997 | ---- | M] () -- C:\Users\Admir\Desktop\adwcleaner.exe
[2012.12.30 23:29:24 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 23:29:24 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 23:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.30 23:21:05 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.30 21:07:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.30 20:56:19 | 005,015,826 | R--- | M] (Swearware) -- C:\Users\Admir\Desktop\ComboFix.exe
[2012.12.30 20:45:37 | 000,000,512 | ---- | M] () -- C:\Users\Admir\Desktop\MBR.dat
[2012.12.30 20:23:20 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admir\Desktop\tdsskiller.exe
[2012.12.30 20:17:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admir\Desktop\aswMBR.exe
[2012.12.30 16:32:59 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 15:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe
[2012.12.30 13:38:15 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.30 12:08:22 | 000,001,062 | ---- | M] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 19:09:06 | 000,001,990 | ---- | M] () -- C:\Users\Admir\Desktop\DreamBoxEdit.lnk
[2012.12.27 18:05:45 | 000,001,087 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ4.lnk
[2012.12.24 15:47:34 | 000,001,005 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ3.lnk
[2012.12.22 12:04:23 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 18:44:52 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 18:44:52 | 000,700,630 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 18:44:52 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 18:44:52 | 000,149,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 18:44:52 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.20 11:42:07 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.18 16:37:05 | 000,001,620 | ---- | M] () -- C:\Users\Admir\Desktop\K2 - Kollektivarbeitsrecht - Verknüpfung.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 22:26:05 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.13 22:26:05 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.13 22:26:05 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.13 22:26:05 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.12 21:08:36 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 15:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 15:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.30 23:38:13 | 000,551,997 | ---- | C] () -- C:\Users\Admir\Desktop\adwcleaner.exe
[2012.12.30 20:57:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.30 20:57:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.30 20:57:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.30 20:57:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.30 20:57:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.30 20:45:37 | 000,000,512 | ---- | C] () -- C:\Users\Admir\Desktop\MBR.dat
[2012.12.30 16:32:59 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 13:38:15 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.27 18:05:45 | 000,001,087 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ4.lnk
[2012.12.24 15:47:34 | 000,001,005 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ3.lnk
[2012.12.20 11:42:07 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.02 17:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\winscp.rnd
[2012.06.25 09:44:37 | 000,004,096 | -H-- | C] () -- C:\Users\Admir\AppData\Local\keyfile3.drm
[2012.05.14 22:06:34 | 000,000,098 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.command
[2012.05.14 22:03:17 | 000,001,205 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.ini
[2012.05.14 22:03:17 | 000,000,000 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.05.14 21:28:20 | 000,005,120 | ---- | C] () -- C:\Users\Admir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamShapes.ini
[2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamLayout.ini
[2012.05.14 21:26:47 | 000,000,103 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\Camdata.ini
[2012.05.14 21:13:33 | 000,004,425 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.cfg
[2011.12.22 15:09:49 | 000,074,248 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011.06.01 13:43:37 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 30.12.2012 23:56:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admir\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,95% Memory free
7,93 Gb Paging File | 6,06 Gb Available in Paging File | 76,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 80,87 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 58,62 Gb Free Space | 31,53% Space Free | Partition Type: NTFS
 
Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD26CEF-0BD7-43C0-98C5-83FDD47758C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{10F77B53-D464-463A-803F-62B3594B3D5D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11D17610-9A94-48ED-92EF-8E4B2B816739}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13DFFB39-A37F-4C55-BF91-9FF3BF169CDA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{15E2E31A-E4D9-45EB-890A-5C82B7E9D8C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{178EDD43-7F25-4A9F-B0B5-BADDBA6188E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{182ADFCB-8E10-4545-A64D-19A01A78AD12}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{193DECFC-8C18-4863-A071-92889572F3FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1ACEC75D-8AFB-4A23-BA07-57FE1B80D0F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CFFC563-E441-4D3A-8344-6FC022EB3034}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2377E4DB-A55E-4F63-ADB7-0DFB7D470169}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27F0489E-46CC-4148-8D23-F2DE4E6AEF3B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3D70903D-40EB-4566-8B0A-758267542776}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{403F384E-51B4-40E5-BE07-EA32DD58CEC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4171CB4A-8B58-4A6B-A85C-B693B0A6831C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{422946D0-BB95-4A15-A2F2-73AB596EA87E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46EC443E-5D67-43DE-A2BE-75572BF23B8E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{50F7D3D2-E1AB-4410-A7DF-E29E2B4FE4B2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54320807-506D-4470-B43B-C85B48887B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68A6D588-5E8A-4EA7-8E1F-C34BE5DAEA70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6FE47D50-3FFA-414C-BA51-71F097BFBC06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7EEAE173-9DB3-4473-8540-E76D57A28EA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8C97F4DF-65DC-4A67-99AB-2B3F6C0B8530}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9F1054F0-08E3-4079-8C28-E1E5D03B8C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A12C9BFD-5995-46A2-86FE-6FE3AFDF50DF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A73EE96F-F1FB-4E18-B2ED-2C2E45943239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A99D601C-995F-44D4-8CD0-A2936ECF6993}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B3000A39-C240-478A-AD17-60C9F6275B11}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BECC23F6-8837-4389-BF62-56E02D49888E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C4FE66E1-A0EC-4B6C-82A1-B78F46EF1BB0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D77FA2EE-312B-4231-837E-656920428620}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D9022647-3225-4EDB-87E5-4331F6DB5965}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DA5CF4D5-91B6-4ABE-9552-1F128016017B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8F73315-8D6B-402C-B141-FC28DF003369}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F18A8BAE-CEB9-4E03-8178-0C0C421DE9BB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F6B97F04-DC5C-4C0B-801B-4EB8CC4EBC89}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8253C8F-1AEC-401B-ACFB-32433C913D0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00042D2B-E5E7-421F-B2DE-3B483F3DAE7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0180A0E0-519D-40C2-BE56-27679754AF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{05378852-3C85-4764-9D95-41170AFA5FBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{053D950E-9FF7-41C7-80A6-C6965BAFFC0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{09B85434-0679-4B71-927B-2EA2C070E480}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1402FE1C-2260-4FFD-9907-66288933DEBD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1B38C172-1D33-4729-B171-E71A7C807573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1C37CA33-2927-4F1B-88A0-FBEBF03FDC78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{20225BB9-5636-4011-A83F-8921589E4A4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E9DE717-CD23-4941-8686-133991C5C4FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{32053EC5-E5EC-4D48-B13C-D24B9B7BDAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{35CFD96A-73CE-4BA2-A147-2C847E88C23B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4373440C-9616-4922-B5AE-5057AC40BB53}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe | 
"{44C5017D-50C2-47BF-A5D1-87E215CBBB74}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{44E9C97A-15EC-4843-A755-1851A88969FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4505638D-C256-4B70-AECC-8A8166047B10}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{49EC7198-FDE7-41E4-A9FC-F84DEDF5699B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5A4DC6CE-242D-44CD-8C20-0F18B4C2A079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A994F3A-0B5E-4405-B31E-72CD95C8E291}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{6001F8CE-BB54-49FF-9CAD-7751BD82F960}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{62D86642-4161-4E3D-919A-FC386DE8DB55}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{639B05C6-6C65-40A3-8959-67092304CC4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6889073D-F213-4798-874D-89C97D699994}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{69C81A4B-E7B1-47A2-9B96-23C3AC074CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"{69E7D859-F12E-4AC5-A456-FCE9DC4CE8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe | 
"{7CF8B8A6-1664-4D4C-92B4-1953E7281B7B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7DC859F3-DB79-4DC7-9B4B-BF80C23955BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F063D7-E3B6-4A05-BF94-0A4EC1F939A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8437F741-29C5-4DD2-8859-3AC5206D1A22}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe | 
"{851FE9E5-D908-4361-A8BD-5273D14A008C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{91921E20-5D47-4DF4-9DB1-9B0ECE88D7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe | 
"{93C72620-7983-4DEE-B600-4AB97EB40A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe | 
"{95E79C03-9A9F-43C7-B148-21621EE49498}" = protocol=6 | dir=out | app=system | 
"{9995150B-8A33-4F43-9A7B-A6C6BDC998B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A12EF311-0D53-4E3C-9463-9C0A8AD12C71}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe | 
"{A3954445-A147-4AD3-AF65-40287F439EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ABE171B7-1095-41B9-AD32-24F571F85086}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{B1B0F284-2FD2-45F7-85B5-6E00CA8035E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1FE3D76-4671-493A-95BD-6A9867035021}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe | 
"{BA51897D-1179-4B3F-9E76-8FCA53E9805E}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe | 
"{BC113929-166B-452C-BE39-B8B3502897A2}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe | 
"{BD729CFD-3431-4072-917F-AA00BE0A51CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C3AFC690-4EF9-457D-8A1E-F7D94F13F5E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4D85A53-120B-497A-848B-5D4C7E60DE1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C9904A39-65BF-4064-BD8B-88E13855C900}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe | 
"{CB77C5E4-7F36-4580-8168-F6601F6C9CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{D8E40D3B-3BE3-468A-939D-700A622B6844}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe | 
"{D99B38D1-AFA4-43DD-895C-0B856B2AD7F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E0379BDD-8525-4DAF-865F-829F3C966F73}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E075CDCD-F91A-4AF5-B1BD-148ED1C05153}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe | 
"{E6819E51-2DF1-4332-B43B-C0A9E28CBA14}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E8505959-3D10-49E4-BEFE-DC024ABF3820}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"{EBE86ED7-93C8-46C3-8E63-7B04B55B9270}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{EEB0C9C2-DCE7-4506-8B21-C9F806FBD83D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F19E8320-3DEF-4E51-91E2-314C6BAAA1F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5B6759B-F028-40FD-9B37-4AFC327C705C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBCCF8EA-5B8D-4F00-AC99-F3A9C0518B91}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe | 
"{FE592F15-00FD-4CF3-A8F4-BDC4340F10AA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{052E9B9B-10EC-4A00-A013-D2DC836BE09C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{40F5BE8C-B279-4148-B8C5-C21D2FA07C3D}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{45C42F77-54B8-4F12-9CA9-2162FB6E4076}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
"TCP Query User{70FA950D-00C1-416C-8ACD-3664A86A162F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{897F9E17-D510-4F44-B539-541772984503}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"TCP Query User{94DF53CE-1A63-4FB9-846A-0ACBC65FB471}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{996E0DE4-FD47-47E6-9724-286D3EF48197}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{A956EB98-00A9-46DD-9712-07FAD7A662B8}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
"TCP Query User{EA90987C-7261-4428-A694-C2FB92158DC7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{F89D03F2-B61C-4DD0-AE6B-D6553E86A9A9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{16787419-C709-4D78-B945-AD1392DAE29A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{25B5B5A4-AB11-4239-8ECB-6A0692820D02}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{28805D98-DE01-4168-8B36-B6465E0E2522}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{36ECB028-72DD-4826-8EF8-C92B08A83162}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
"UDP Query User{43FB6EFC-C400-4A7D-85D8-FD191A4B6455}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{878ADB0F-B6C5-4B06-9111-2BDECF11E8B2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{CC0809C4-103E-4A81-B77D-17068130D52F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{D3819389-D40F-4234-99ED-7B11702C28A6}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"UDP Query User{F0CA3F9F-04E1-4191-9F06-4798D8329752}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{F11F2BFC-962D-407B-96A7-8F3E32C1435A}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{511D88E4-9922-4DB0-BA3A-F51D24172239}" = bob internet
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B06D7A82-E7C6-47D1-97FB-54CA5CA21743}" = ARIS Platform
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"A1 Servicecenter" = A1 Servicecenter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MotoGP 2007_is1" = MotoGP 2007
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SopCast" = SopCast 3.2.8
"TeamViewer 5" = TeamViewer 5
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2012 13:59:31 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dcc    Startzeit: 
01cde5edd20b38eb    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 74378dcd-51e1-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 14:04:51 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 164c    Startzeit:
 01cde5ee6542a752    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 32fa4794-51e2-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 14:11:32 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxEDIT.exe, Version 5.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1648    Startzeit:
 01cde5ef987fd921    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxEDIT.exe

Berichts-ID:
 20f9fc04-51e3-11e2-96bc-002622eb2d40  
 
Error - 29.12.2012 14:12:55 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 5.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1428    Startzeit:
 01cde5eff0a7f6fe    Endzeit: 20    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 538b8762-51e3-11e2-96bc-002622eb2d40  
 
Error - 30.12.2012 07:29:03 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBt1st.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.12.2012 07:29:36 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\TOSHIBA\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.12.2012 07:30:44 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.12.2012 08:52:51 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description = 
 
Error - 30.12.2012 08:52:59 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description = 
 
Error - 30.12.2012 13:13:48 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 5.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11e8    Startzeit:
 01cde6b04d8af524    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe

Berichts-ID:
 3bb7f402-52a4-11e2-a5ea-002622eb2d40  
 
[ System Events ]
Error - 30.12.2012 16:52:30 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 16:55:11 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 16:55:12 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 16:55:39 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 16:58:08 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 17:07:31 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 17:12:09 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 17:21:00 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 30.12.2012 18:21:10 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 30.12.2012 18:21:10 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
