| |
| |||||||
Log-Analyse und Auswertung: Polizei Department Control TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
30.12.2012, 16:27
| #1 |
 |  Polizei Department Control Trojaner Hallo Leute, hab mir heute diesen Polizei-Trojaner eingefangen. Könnt ihr mir bitte dabei helfen den los zu werden! Vielen Dank hier meine Scan-Daten. Code:
ATTFilter OTL Extras logfile created on: 30.12.2012 15:19:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admir\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 85,22% Memory free
7,93 Gb Paging File | 7,38 Gb Available in Paging File | 93,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 73,30 Gb Free Space | 39,35% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 58,94 Gb Free Space | 31,70% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 3,64 Gb Free Space | 99,56% Space Free | Partition Type: FAT32
Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD26CEF-0BD7-43C0-98C5-83FDD47758C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10F77B53-D464-463A-803F-62B3594B3D5D}" = rport=138 | protocol=17 | dir=out | app=system |
"{11D17610-9A94-48ED-92EF-8E4B2B816739}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13DFFB39-A37F-4C55-BF91-9FF3BF169CDA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15E2E31A-E4D9-45EB-890A-5C82B7E9D8C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{178EDD43-7F25-4A9F-B0B5-BADDBA6188E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{182ADFCB-8E10-4545-A64D-19A01A78AD12}" = rport=10243 | protocol=6 | dir=out | app=system |
"{193DECFC-8C18-4863-A071-92889572F3FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ACEC75D-8AFB-4A23-BA07-57FE1B80D0F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CFFC563-E441-4D3A-8344-6FC022EB3034}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2377E4DB-A55E-4F63-ADB7-0DFB7D470169}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27F0489E-46CC-4148-8D23-F2DE4E6AEF3B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D70903D-40EB-4566-8B0A-758267542776}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{403F384E-51B4-40E5-BE07-EA32DD58CEC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4171CB4A-8B58-4A6B-A85C-B693B0A6831C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{422946D0-BB95-4A15-A2F2-73AB596EA87E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46EC443E-5D67-43DE-A2BE-75572BF23B8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{50F7D3D2-E1AB-4410-A7DF-E29E2B4FE4B2}" = lport=445 | protocol=6 | dir=in | app=system |
"{54320807-506D-4470-B43B-C85B48887B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68A6D588-5E8A-4EA7-8E1F-C34BE5DAEA70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FE47D50-3FFA-414C-BA51-71F097BFBC06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7EEAE173-9DB3-4473-8540-E76D57A28EA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8C97F4DF-65DC-4A67-99AB-2B3F6C0B8530}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F1054F0-08E3-4079-8C28-E1E5D03B8C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A12C9BFD-5995-46A2-86FE-6FE3AFDF50DF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A73EE96F-F1FB-4E18-B2ED-2C2E45943239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A99D601C-995F-44D4-8CD0-A2936ECF6993}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3000A39-C240-478A-AD17-60C9F6275B11}" = lport=137 | protocol=17 | dir=in | app=system |
"{BECC23F6-8837-4389-BF62-56E02D49888E}" = lport=138 | protocol=17 | dir=in | app=system |
"{C4FE66E1-A0EC-4B6C-82A1-B78F46EF1BB0}" = rport=139 | protocol=6 | dir=out | app=system |
"{D77FA2EE-312B-4231-837E-656920428620}" = rport=445 | protocol=6 | dir=out | app=system |
"{D9022647-3225-4EDB-87E5-4331F6DB5965}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DA5CF4D5-91B6-4ABE-9552-1F128016017B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8F73315-8D6B-402C-B141-FC28DF003369}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F18A8BAE-CEB9-4E03-8178-0C0C421DE9BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6B97F04-DC5C-4C0B-801B-4EB8CC4EBC89}" = lport=139 | protocol=6 | dir=in | app=system |
"{F8253C8F-1AEC-401B-ACFB-32433C913D0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00042D2B-E5E7-421F-B2DE-3B483F3DAE7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0180A0E0-519D-40C2-BE56-27679754AF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{05378852-3C85-4764-9D95-41170AFA5FBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{053D950E-9FF7-41C7-80A6-C6965BAFFC0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{09B85434-0679-4B71-927B-2EA2C070E480}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1402FE1C-2260-4FFD-9907-66288933DEBD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1B38C172-1D33-4729-B171-E71A7C807573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1C37CA33-2927-4F1B-88A0-FBEBF03FDC78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20225BB9-5636-4011-A83F-8921589E4A4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E9DE717-CD23-4941-8686-133991C5C4FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32053EC5-E5EC-4D48-B13C-D24B9B7BDAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{35CFD96A-73CE-4BA2-A147-2C847E88C23B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4373440C-9616-4922-B5AE-5057AC40BB53}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe |
"{44C5017D-50C2-47BF-A5D1-87E215CBBB74}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{44E9C97A-15EC-4843-A755-1851A88969FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4505638D-C256-4B70-AECC-8A8166047B10}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49EC7198-FDE7-41E4-A9FC-F84DEDF5699B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5A4DC6CE-242D-44CD-8C20-0F18B4C2A079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A994F3A-0B5E-4405-B31E-72CD95C8E291}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{6001F8CE-BB54-49FF-9CAD-7751BD82F960}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{62D86642-4161-4E3D-919A-FC386DE8DB55}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{639B05C6-6C65-40A3-8959-67092304CC4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6889073D-F213-4798-874D-89C97D699994}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69C81A4B-E7B1-47A2-9B96-23C3AC074CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe |
"{69E7D859-F12E-4AC5-A456-FCE9DC4CE8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe |
"{7CF8B8A6-1664-4D4C-92B4-1953E7281B7B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7DC859F3-DB79-4DC7-9B4B-BF80C23955BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81F063D7-E3B6-4A05-BF94-0A4EC1F939A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8437F741-29C5-4DD2-8859-3AC5206D1A22}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe |
"{851FE9E5-D908-4361-A8BD-5273D14A008C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{91921E20-5D47-4DF4-9DB1-9B0ECE88D7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe |
"{93C72620-7983-4DEE-B600-4AB97EB40A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe |
"{95E79C03-9A9F-43C7-B148-21621EE49498}" = protocol=6 | dir=out | app=system |
"{9995150B-8A33-4F43-9A7B-A6C6BDC998B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A12EF311-0D53-4E3C-9463-9C0A8AD12C71}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe |
"{A3954445-A147-4AD3-AF65-40287F439EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ABE171B7-1095-41B9-AD32-24F571F85086}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{B1B0F284-2FD2-45F7-85B5-6E00CA8035E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1FE3D76-4671-493A-95BD-6A9867035021}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe |
"{BA51897D-1179-4B3F-9E76-8FCA53E9805E}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe |
"{BC113929-166B-452C-BE39-B8B3502897A2}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe |
"{BD729CFD-3431-4072-917F-AA00BE0A51CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C3AFC690-4EF9-457D-8A1E-F7D94F13F5E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4D85A53-120B-497A-848B-5D4C7E60DE1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C9904A39-65BF-4064-BD8B-88E13855C900}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe |
"{CB77C5E4-7F36-4580-8168-F6601F6C9CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{D8E40D3B-3BE3-468A-939D-700A622B6844}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe |
"{D99B38D1-AFA4-43DD-895C-0B856B2AD7F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0379BDD-8525-4DAF-865F-829F3C966F73}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E075CDCD-F91A-4AF5-B1BD-148ED1C05153}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{E6819E51-2DF1-4332-B43B-C0A9E28CBA14}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E8505959-3D10-49E4-BEFE-DC024ABF3820}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe |
"{EBE86ED7-93C8-46C3-8E63-7B04B55B9270}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EEB0C9C2-DCE7-4506-8B21-C9F806FBD83D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F19E8320-3DEF-4E51-91E2-314C6BAAA1F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5B6759B-F028-40FD-9B37-4AFC327C705C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBCCF8EA-5B8D-4F00-AC99-F3A9C0518B91}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe |
"{FE592F15-00FD-4CF3-A8F4-BDC4340F10AA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{052E9B9B-10EC-4A00-A013-D2DC836BE09C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{40F5BE8C-B279-4148-B8C5-C21D2FA07C3D}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{45C42F77-54B8-4F12-9CA9-2162FB6E4076}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
"TCP Query User{70FA950D-00C1-416C-8ACD-3664A86A162F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{897F9E17-D510-4F44-B539-541772984503}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{94DF53CE-1A63-4FB9-846A-0ACBC65FB471}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{996E0DE4-FD47-47E6-9724-286D3EF48197}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{A956EB98-00A9-46DD-9712-07FAD7A662B8}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
"TCP Query User{EA90987C-7261-4428-A694-C2FB92158DC7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{F89D03F2-B61C-4DD0-AE6B-D6553E86A9A9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{16787419-C709-4D78-B945-AD1392DAE29A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{25B5B5A4-AB11-4239-8ECB-6A0692820D02}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{28805D98-DE01-4168-8B36-B6465E0E2522}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{36ECB028-72DD-4826-8EF8-C92B08A83162}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
"UDP Query User{43FB6EFC-C400-4A7D-85D8-FD191A4B6455}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{878ADB0F-B6C5-4B06-9111-2BDECF11E8B2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{CC0809C4-103E-4A81-B77D-17068130D52F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D3819389-D40F-4234-99ED-7B11702C28A6}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{F0CA3F9F-04E1-4191-9F06-4798D8329752}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{F11F2BFC-962D-407B-96A7-8F3E32C1435A}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{511D88E4-9922-4DB0-BA3A-F51D24172239}" = bob internet
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B06D7A82-E7C6-47D1-97FB-54CA5CA21743}" = ARIS Platform
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"A1 Servicecenter" = A1 Servicecenter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MotoGP 2007_is1" = MotoGP 2007
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Softonic" = Softonic toolbar on IE and Chrome
"SopCast" = SopCast 3.2.8
"TeamViewer 5" = TeamViewer 5
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.12.2012 13:56:14 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1734 Startzeit:
01cde5ed473bbdb4 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
04e2d799-51e1-11e2-96bc-002622eb2d40
Error - 29.12.2012 13:59:31 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dcc Startzeit:
01cde5edd20b38eb Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
74378dcd-51e1-11e2-96bc-002622eb2d40
Error - 29.12.2012 14:04:51 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 164c Startzeit:
01cde5ee6542a752 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
32fa4794-51e2-11e2-96bc-002622eb2d40
Error - 29.12.2012 14:11:32 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxEDIT.exe, Version 5.0.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1648 Startzeit:
01cde5ef987fd921 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxEDIT.exe
Berichts-ID:
20f9fc04-51e3-11e2-96bc-002622eb2d40
Error - 29.12.2012 14:12:55 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 5.0.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1428 Startzeit:
01cde5eff0a7f6fe Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
538b8762-51e3-11e2-96bc-002622eb2d40
Error - 30.12.2012 07:29:03 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBt1st.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 30.12.2012 07:29:36 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\TOSHIBA\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 30.12.2012 07:30:44 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 30.12.2012 08:52:51 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description =
Error - 30.12.2012 08:52:59 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 30.12.2012 10:12:06 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:06 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:07 | Computer Name = Admir-Toshiba | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 10:12:07 | Computer Name = Admir-Toshiba | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 10:12:08 | Computer Name = Admir-Toshiba | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Code:
ATTFilter OTL logfile created on: 30.12.2012 15:19:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admir\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 85,22% Memory free 7,93 Gb Paging File | 7,38 Gb Available in Paging File | 93,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 73,30 Gb Free Space | 39,35% Space Free | Partition Type: NTFS Drive D: | 185,91 Gb Total Space | 58,94 Gb Free Space | 31,70% Space Free | Partition Type: NTFS Drive G: | 3,65 Gb Total Space | 3,64 Gb Free Space | 99,56% Space Free | Partition Type: FAT32 Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admir\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys () DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1 IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 D7 23 54 64 A1 CD 01 [binary data] IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r= IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=031012_ccp_4012_8&babsrc=SP_ss&mntrId=38403924000000000000701a04374fe1 IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=PV&apn_dtid=&apn_uid=5A4FE52B-3A8D-4286-9CD0-3BEF7AE66966&apn_sauid=58AF061D-16CE-41C1-99DE-1C084B6B5E6D IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{1C143B6F-D94F-4DB1-BECE-72EE4C785825}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deAT358AT358 IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{E9969677-A2EF-438A-8B3C-249F8E9676B8}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BB0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11%7D:0.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=KW_ss&mntrId=38403924000000000000701a04374fe1&q=" FF - prefs.js..network.proxy.backup.ftp: ":" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: ":" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: ":" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac" FF - prefs.js..network.proxy.ssl: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M] [2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Extensions [2012.12.07 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\4uyw43bj.default\extensions [2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\w89gi4f3.default\extensions [2012.09.12 19:34:28 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\4uyw43bj.default\extensions\testpilot@labs.mozilla.com.xpi [2012.12.07 12:53:07 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\w89gi4f3.default\extensions\testpilot@labs.mozilla.com.xpi [2012.12.30 13:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.30 13:19:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.12.30 13:19:19 | 000,000,000 | ---D | M] (A1 Servicecenter) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11} [2012.12.30 13:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.30 13:19:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.13 20:36:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.06 18:15:27 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.11.13 20:36:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.13 20:36:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.13 20:36:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.13 20:36:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.13 20:36:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2010.11.14 11:31:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2063069217-60928023-77756203-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..Trusted Domains: blank ([]about in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490465FE-1230-4D68-93BA-0B2E32E641AE}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.14 11:03:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4efb8c85-ac8b-11df-9fb9-701a04374fe1}\Shell - "" = AutoRun O33 - MountPoints2\{4efb8c85-ac8b-11df-9fb9-701a04374fe1}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a9c80cde-683a-11df-af38-701a04374fe1}\Shell - "" = AutoRun O33 - MountPoints2\{a9c80cde-683a-11df-af38-701a04374fe1}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a9c80cf1-683a-11df-af38-701a04374fe1}\Shell - "" = AutoRun O33 - MountPoints2\{a9c80cf1-683a-11df-af38-701a04374fe1}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{dc88346d-4536-11e2-aaa9-002622eb2d40}\Shell - "" = AutoRun O33 - MountPoints2\{dc88346d-4536-11e2-aaa9-002622eb2d40}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fdba2f49-ee2a-11de-a67a-002622eb2d40}\Shell - "" = AutoRun O33 - MountPoints2\{fdba2f49-ee2a-11de-a67a-002622eb2d40}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.30 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe [2012.12.30 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2012.12.30 13:53:00 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012.12.30 13:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.12.30 13:38:09 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Admir\wgsdgsdgdsgsd.dll [2012.12.30 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.30 12:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7BDBB1C7-E847-446A-B165-4DAFEF139D4E} [2012.12.29 10:36:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{49C539E5-ADF2-481B-9A1B-3001F8F7487B} [2012.12.28 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E6A39827-331B-4BDD-BB24-5FA66DCF0AA6} [2012.12.27 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 4 [2012.12.27 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2012.12.27 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 4 [2012.12.27 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\Programs [2012.12.27 12:52:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{208D83C4-73C4-4B7B-A12F-2B24C722B768} [2012.12.27 00:51:52 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{DDB1C3A3-C527-4CA1-81CC-D35384402E85} [2012.12.26 11:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E13C91EF-7E39-4C99-B9D9-AE3D581808F3} [2012.12.25 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{FA5E66E0-DF62-44A1-AB06-470F0FD56997} [2012.12.24 23:12:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3F313C9B-06B4-439F-BEED-E4F6E8C5B689} [2012.12.24 15:47:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 3 [2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 3 [2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 3 [2012.12.24 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7ADD7824-8E85-48DB-999D-973659544294} [2012.12.23 13:52:34 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EC67A73E-5EEA-4A25-84BC-1D461D79F0D2} [2012.12.22 12:06:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B0BB9356-B161-468C-B79D-4E215B581BBD} [2012.12.22 02:12:29 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.22 02:12:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.22 02:12:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.22 02:12:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 23:10:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{61080790-FEEB-429F-84D9-EE34A08ACDCD} [2012.12.21 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EA0B8376-761C-4FC0-AFAA-A0F808EA15DD} [2012.12.20 11:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.20 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D6B14BF-68F2-4B8E-82C2-919345327FD5} [2012.12.19 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7A914B22-5C1B-4657-BA1B-E683C616163B} [2012.12.19 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3221DDE6-1EB2-4B6D-87D5-FBAE950B768F} [2012.12.19 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9E3D4D77-E273-4A87-881F-2E72C5182223} [2012.12.18 16:32:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{56E01F32-DE16-473D-B814-97DD11C98D72} [2012.12.18 09:42:15 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5F8195DD-847C-4527-BAEB-12D395ED33AD} [2012.12.17 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{264C8A50-9910-494B-A517-2E1FD013F6BE} [2012.12.17 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{D3E0682E-F7B3-4C8E-9DAE-9EDF7DD3EA49} [2012.12.16 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E768AF08-1424-411B-98BD-6C8BF2A2ED2C} [2012.12.16 03:43:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{656F2C84-E8D9-4F5A-A62B-1D3F7A59FB42} [2012.12.15 10:39:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B1705902-70DC-4EC9-98BA-987426AAD075} [2012.12.14 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{BA29D809-6C70-4A69-91CD-75766F9F2993} [2012.12.14 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{F3B4D7BA-BEA3-4E98-AB0F-EB5EA934D29D} [2012.12.13 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{908734CC-B149-40DA-A241-313A9A541C88} [2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.13 22:26:32 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.13 22:26:32 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.13 22:26:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.13 22:26:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.13 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{58A9B2DC-7221-4CC7-8BE9-0470C1D97AFA} [2012.12.12 21:12:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 21:12:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 21:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 21:12:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 21:12:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 21:12:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 21:12:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 21:12:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 21:12:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 21:12:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 21:12:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 21:12:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 21:12:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 21:12:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 21:12:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 21:05:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 21:05:47 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 21:05:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 21:05:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 21:05:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 21:05:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 21:05:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 21:05:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 21:05:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 21:05:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 21:05:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 21:05:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 21:05:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:05:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:05:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:05:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:05:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 21:05:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 21:05:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.12 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5675FF6B-9D58-4143-A069-95203084F4F0} [2012.12.11 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{541FF0F3-8C2E-430A-9255-E0D1ACD4565C} [2012.12.11 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{13824635-8209-49A6-9B77-CF6978898F68} [2012.12.10 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9781312E-8284-44FC-A738-26599D3FD15F} [2012.12.09 23:17:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{95BDA647-E2C8-469C-90B0-C92651A9A405} [2012.12.09 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{51510419-3176-4E40-BD4A-977DFF35EBD3} [2012.12.08 23:17:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\Desktop\Nedo U-Kurs [2012.12.08 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Neuer Ordner [2012.12.08 14:21:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EF6CF001-063E-4D1C-8EEF-EF65534325FF} [2012.12.07 11:21:08 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{463CD27D-8623-4945-8611-5E2A19E2BD36} [2012.12.06 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{733E2568-803E-45F4-890E-6A329EF6C70E} [2012.12.06 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{CABACB64-4EFF-4CD6-A603-DCE4999FE38F} [2012.12.05 01:34:31 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D812F67-986B-448D-B71F-43E0BF68D66A} [2012.12.04 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{8AEEFCE0-73C7-4407-B16F-56024ED17F52} [2012.12.03 22:41:17 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82D8C90B-5AD7-4A1E-87E3-6C380FA70F7F} [2012.12.03 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82A03ED8-72E3-4D91-BBAF-943499AEB1CB} [2012.12.01 14:55:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{1A40812A-60B0-4F1B-B2E2-CB28C1414145} [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.30 15:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 15:11:39 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2012.12.30 15:09:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.30 15:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe [2012.12.30 13:53:01 | 000,002,257 | ---- | M] () -- C:\Users\Admir\Desktop\SpyHunter.lnk [2012.12.30 13:48:18 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 13:48:17 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 13:38:15 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.30 13:38:15 | 000,001,086 | ---- | M] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.30 13:38:09 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Admir\wgsdgsdgdsgsd.dll [2012.12.30 12:08:22 | 000,001,062 | ---- | M] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.29 19:09:06 | 000,001,990 | ---- | M] () -- C:\Users\Admir\Desktop\DreamBoxEdit.lnk [2012.12.27 18:05:45 | 000,001,087 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ4.lnk [2012.12.24 15:47:34 | 000,001,005 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ3.lnk [2012.12.22 12:04:23 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 18:44:52 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 18:44:52 | 000,700,630 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 18:44:52 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 18:44:52 | 000,149,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 18:44:52 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.20 11:42:07 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.18 16:37:05 | 000,001,620 | ---- | M] () -- C:\Users\Admir\Desktop\K2 - Kollektivarbeitsrecht - Verknüpfung.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.13 22:26:05 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.13 22:26:05 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.13 22:26:05 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.13 22:26:05 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.12 21:08:36 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.11 15:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 15:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.30 13:53:03 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2012.12.30 13:53:01 | 000,002,257 | ---- | C] () -- C:\Users\Admir\Desktop\SpyHunter.lnk [2012.12.30 13:38:15 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.30 13:38:15 | 000,001,086 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.30 13:38:13 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.27 18:05:45 | 000,001,087 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ4.lnk [2012.12.24 15:47:34 | 000,001,005 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ3.lnk [2012.12.20 11:42:07 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.10.02 17:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\winscp.rnd [2012.06.25 09:44:37 | 000,004,096 | -H-- | C] () -- C:\Users\Admir\AppData\Local\keyfile3.drm [2012.05.14 22:06:34 | 000,000,098 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.command [2012.05.14 22:03:17 | 000,001,205 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.ini [2012.05.14 22:03:17 | 000,000,000 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.Data.ini [2012.05.14 21:28:20 | 000,005,120 | ---- | C] () -- C:\Users\Admir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamShapes.ini [2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamLayout.ini [2012.05.14 21:26:47 | 000,000,103 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\Camdata.ini [2012.05.14 21:13:33 | 000,004,425 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.cfg [2011.12.22 15:09:49 | 000,074,248 | ---- | C] () -- C:\Windows\hpqins16.dat [2011.06.01 13:43:37 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.15 01:57:25 | 000,001,072 | R-S- | C] () -- C:\Users\Admir\AppData\Roaming\chkntfs.dat [2010.07.10 11:52:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.10.09 16:37:12 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\.minecraft [2012.10.12 18:40:31 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\A1 Servicecenter [2012.10.02 17:26:05 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Babylon [2012.10.02 18:20:53 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\BrowserCompanion [2010.01.15 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DAEMON Tools Lite [2010.07.14 06:29:47 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DEAC8354A32E98459090B8C647948D32 [2012.12.30 15:10:00 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Dropbox [2011.07.01 20:26:38 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DVDVideoSoft [2011.07.01 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.01 13:38:28 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\EndNote [2010.06.28 00:17:56 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Facebook [2009.12.19 12:13:14 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Leadertech [2012.10.12 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\mquadr.at [2011.12.23 09:58:06 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Nokia Ovi Suite [2011.10.07 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\PC Suite [2009.12.21 19:22:18 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Program Files (x86) [2012.10.14 13:45:29 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\redsn0w [2010.10.17 17:59:50 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\TeamViewer [2009.12.18 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\Toshiba [2012.10.13 23:32:29 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\uTorrent [2010.10.06 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\WildTangent [2009.12.18 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\Admir\AppData\Roaming\WinBatch ========== Purity Check ========== < End of report > |
|
30.12.2012, 18:40
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Polizei Department Control Trojaner Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ |
|
30.12.2012, 18:50
| #3 |
| | Polizei Department Control Trojaner Hallo!!
__________________Danke für die Infos, zuerst habe im abgesicherten Modus (nachdem ich auf einem anderen Computer OTL.exe runtergeladen habe und per USB-Stick auf diesen Computer übertragen habe) OTL.exe nach eurer Anleitung den Scan durchgeführt. Daraus sind diese 2 Reports entstanden. Anschließend habe ich überlesen, dass man ein Fix von anderen Benutzern nicht verwenden sollte. Ich habe es aber unwissentlich gemacht und im abgesicherten Modus gefixt. Diesen fix habe ich verwendet: Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109992&babsrc=HP_ss&mntrId=853668800000000000000009dd5084cf
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109992&babsrc=SP_ss&mntrId=853668800000000000000009dd5084cf
IE - HKCU\..\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[
[2012.08.31 18:37:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.02.28 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2010.06.13 12:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\Users\User\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\User\AppData\Local\Temp\*.exe
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hier die Reports von Malwarebytes und vom adwcleaner: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.30.07 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Admir :: ADMIR-TOSHIBA [Administrator] 30.12.2012 16:37:27 mbam-log-2012-12-30 (16-37-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 393114 Laufzeit: 1 Stunde(n), 4 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Admir\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admir\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 17:50:26 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admir - ADMIR-TOSHIBA
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Admir\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Admir\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Admir\AppData\Roaming\BrowserCompanion
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\58edad9b735ee45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\58edad9b735ee45
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\4uyw43bj.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "38403924000000000000701a04374fe1");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15619");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.719:15:38");
Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "orgnl");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "AT");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "");
Gelöscht : user_pref("extensions.Softonic.dfltSrch", false);
Gelöscht : user_pref("extensions.Softonic.dfltlng", "de");
Gelöscht : user_pref("extensions.Softonic.dfltsrch", "false");
Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "3291D035B63C1E84D838C3EFB7C95494");
Gelöscht : user_pref("extensions.Softonic.hmpg", false);
Gelöscht : user_pref("extensions.Softonic.hrdid", "38403924000000000000000000000000");
Gelöscht : user_pref("extensions.Softonic.id", "38403924000000000000000000000000");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15474");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MON00001");
Gelöscht : user_pref("extensions.Softonic.instlday", "15474");
Gelöscht : user_pref("extensions.Softonic.instlref", "MON00015");
Gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Gelöscht : user_pref("extensions.Softonic.keywordurl", "");
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.022:06:40");
Gelöscht : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "14-05-2012");
Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.Softonic.newTab", false);
Gelöscht : user_pref("extensions.Softonic.newtab", "false");
Gelöscht : user_pref("extensions.Softonic.newtaburl", "");
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gelöscht : user_pref("extensions.Softonic.savedVrsnTs", "1");
Gelöscht : user_pref("extensions.Softonic.sg", "az");
Gelöscht : user_pref("extensions.Softonic.similarsitesstorage-pid2", "3fdc87e2ec2aceb8");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
Gelöscht : user_pref("extensions.Softonic.srch", "");
Gelöscht : user_pref("extensions.Softonic.srchprvdr", "");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.5.21.022:06:40");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.5.21.022:06:40");
Gelöscht : user_pref("extensions.Softonic.xpestat\\xpereportdata", "14-4-2012");
Gelöscht : user_pref("extensions.Softonic_i.newTab", false);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.022:10:14");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=KW_ss&[...]
Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.11] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=[...]
Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012[...]
Gelöscht [l.1553] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=384[...]
Gelöscht [l.1895] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&[...]
*************************
AdwCleaner[R1].txt - [15120 octets] - [30/12/2012 17:49:18]
AdwCleaner[S1].txt - [14742 octets] - [30/12/2012 17:50:26]
########## EOF - C:\AdwCleaner[S1].txt - [14803 octets] ##########
Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 17:49:18 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admir - ADMIR-TOSHIBA
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : G:\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\BrowserCompanion
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\Softonic
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Admir\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Admir\AppData\Roaming\BrowserCompanion
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\58edad9b735ee45
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\58edad9b735ee45
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\4uyw43bj.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "38403924000000000000701a04374fe1");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15619");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.719:15:38");
Gefunden : user_pref("extensions.Softonic.admin", false);
Gefunden : user_pref("extensions.Softonic.aflt", "orgnl");
Gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Gefunden : user_pref("extensions.Softonic.cntry", "AT");
Gefunden : user_pref("extensions.Softonic.dfltLng", "");
Gefunden : user_pref("extensions.Softonic.dfltSrch", false);
Gefunden : user_pref("extensions.Softonic.dfltlng", "de");
Gefunden : user_pref("extensions.Softonic.dfltsrch", "false");
Gefunden : user_pref("extensions.Softonic.envrmnt", "production");
Gefunden : user_pref("extensions.Softonic.excTlbr", false);
Gefunden : user_pref("extensions.Softonic.hdrMd5", "3291D035B63C1E84D838C3EFB7C95494");
Gefunden : user_pref("extensions.Softonic.hmpg", false);
Gefunden : user_pref("extensions.Softonic.hrdid", "38403924000000000000000000000000");
Gefunden : user_pref("extensions.Softonic.id", "38403924000000000000000000000000");
Gefunden : user_pref("extensions.Softonic.instlDay", "15474");
Gefunden : user_pref("extensions.Softonic.instlRef", "MON00001");
Gefunden : user_pref("extensions.Softonic.instlday", "15474");
Gefunden : user_pref("extensions.Softonic.instlref", "MON00015");
Gefunden : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Gefunden : user_pref("extensions.Softonic.keywordurl", "");
Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.022:06:40");
Gefunden : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "14-05-2012");
Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.Softonic.newTab", false);
Gefunden : user_pref("extensions.Softonic.newtab", "false");
Gefunden : user_pref("extensions.Softonic.newtaburl", "");
Gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Gefunden : user_pref("extensions.Softonic.prtnrid", "softonic");
Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gefunden : user_pref("extensions.Softonic.savedVrsnTs", "1");
Gefunden : user_pref("extensions.Softonic.sg", "az");
Gefunden : user_pref("extensions.Softonic.similarsitesstorage-pid2", "3fdc87e2ec2aceb8");
Gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic.smplgrp", "none");
Gefunden : user_pref("extensions.Softonic.srch", "");
Gefunden : user_pref("extensions.Softonic.srchprvdr", "");
Gefunden : user_pref("extensions.Softonic.tlbrId", "base");
Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.tlbrid", "base");
Gefunden : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.5.21.022:06:40");
Gefunden : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Gefunden : user_pref("extensions.Softonic.vrsnts", "1.5.21.022:06:40");
Gefunden : user_pref("extensions.Softonic.xpestat\\xpereportdata", "14-4-2012");
Gefunden : user_pref("extensions.Softonic_i.newTab", false);
Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.022:10:14");
Gefunden : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=KW_ss&[...]
Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.11] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1",
Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1", "hxxp://www.google.com/" ]
Gefunden [l.1553] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1",
Gefunden [l.1895] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_8&babsrc=HP_ss&mntrId=38403924000000000000701a04374fe1", "hxxp://www.google.com/" ]
*************************
AdwCleaner[R1].txt - [15027 octets] - [30/12/2012 17:49:18]
########## EOF - C:\AdwCleaner[R1].txt - [15088 octets] ##########
Seitdem ist die Meldung, die vorher beim Starten sofort gekommen ist, nicht mehr aufgetaucht... nach dem ich alles abgeschlossen habe, habe ich einen Systemstart durchgeführt und folgender Report ist erschienen Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{033D0AAE-1F9D-4141-AA17-8965E3B86015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found.
File C:\Program Files\DivX\DivX Update\DivXUpdate.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nero MediaHome 4 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Playlist\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cleverreach.com\novastor\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google-analytics.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File C:\ProgramData\nud0repor.pad not found.
Folder C:\Users\User\AppData\Roaming\Babylon\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\User\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\User\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Admir\Desktop\cmd.bat deleted successfully.
C:\Users\Admir\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admir
->Temp folder emptied: 77444478 bytes
->Temporary Internet Files folder emptied: 56416695 bytes
->Java cache emptied: 4614291 bytes
->FireFox cache emptied: 100292130 bytes
->Google Chrome cache emptied: 111056733 bytes
->Flash cache emptied: 46979 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43909 bytes
->Flash cache emptied: 41044 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1280946 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1165463325 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.446,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12302012_161439
Files\Folders moved on Reboot...
C:\Users\Admir\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
30.12.2012, 19:08
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Department Control Trojaner Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.12.2012, 19:58
| #5 |
| | Polizei Department Control Trojaner hab alles genauso gemacht wie in der Anleitung! Es wurde keine Malware gefunden, stand nach Ende des Scans. Code:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.30.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admir :: ADMIR-TOSHIBA [administrator]
30.12.2012 19:55:51
mbar-log-2012-12-30 (19-55-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30776
Time elapsed: 39 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
30.12.2012, 20:15
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Department Control Trojaner 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Polizei Department Control Trojaner |
|
30.12.2012, 20:51
| #7 |
| | Polizei Department Control Trojaner so diese Schritte wären auch erledigt. hier die Logs aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-30 20:18:47
-----------------------------
20:18:47.599 OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:47.599 Number of processors: 2 586 0x170A
20:18:47.599 ComputerName: ADMIR-TOSHIBA UserName: Admir
20:18:48.880 Initialize success
20:20:59.871 AVAST engine defs: 12123000
20:21:20.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:21:20.036 Disk 0 Vendor: TOSHIBA_ FG01 Size: 381554MB BusType: 3
20:21:20.056 Disk 0 MBR read successfully
20:21:20.066 Disk 0 MBR scan
20:21:20.066 Disk 0 Windows 7 default MBR code
20:21:20.086 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
20:21:20.096 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190777 MB offset 821248
20:21:20.126 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 190376 MB offset 391532544
20:21:20.176 Disk 0 scanning C:\Windows\system32\drivers
20:21:34.599 Service scanning
20:22:20.044 Modules scanning
20:22:20.044 Disk 0 trace - called modules:
20:22:20.084 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
20:22:20.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800575d6b0]
20:22:20.084 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004718050]
20:22:21.535 AVAST engine scan C:\Windows
20:22:23.856 AVAST engine scan C:\Windows\system32
20:26:24.753 AVAST engine scan C:\Windows\system32\drivers
20:26:41.824 AVAST engine scan C:\Users\Admir
20:33:06.218 AVAST engine scan C:\ProgramData
20:37:08.556 Scan finished successfully
20:45:37.370 Disk 0 MBR has been saved successfully to "C:\Users\Admir\Desktop\MBR.dat"
20:45:37.380 The log file has been saved successfully to "C:\Users\Admir\Desktop\aswMBR.txt"
TDSSKiller: Code:
ATTFilter 20:47:51.0746 0760 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:47:51.0986 0760 ============================================================
20:47:51.0986 0760 Current date / time: 2012/12/30 20:47:51.0986
20:47:51.0986 0760 SystemInfo:
20:47:51.0986 0760
20:47:51.0986 0760 OS Version: 6.1.7601 ServicePack: 1.0
20:47:51.0986 0760 Product type: Workstation
20:47:51.0986 0760 ComputerName: ADMIR-TOSHIBA
20:47:51.0986 0760 UserName: Admir
20:47:51.0986 0760 Windows directory: C:\Windows
20:47:51.0986 0760 System windows directory: C:\Windows
20:47:51.0986 0760 Running under WOW64
20:47:51.0986 0760 Processor architecture: Intel x64
20:47:51.0986 0760 Number of processors: 2
20:47:51.0986 0760 Page size: 0x1000
20:47:51.0986 0760 Boot type: Normal boot
20:47:51.0986 0760 ============================================================
20:47:52.0586 0760 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:52.0606 0760 ============================================================
20:47:52.0606 0760 \Device\Harddisk0\DR0:
20:47:52.0606 0760 MBR partitions:
20:47:52.0606 0760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1749C800
20:47:52.0606 0760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17565000, BlocksNum 0x173D4000
20:47:52.0606 0760 ============================================================
20:47:52.0626 0760 C: <-> \Device\Harddisk0\DR0\Partition1
20:47:52.0656 0760 D: <-> \Device\Harddisk0\DR0\Partition2
20:47:52.0656 0760 ============================================================
20:47:52.0656 0760 Initialize success
20:47:52.0656 0760 ============================================================
20:48:20.0996 5096 ============================================================
20:48:20.0996 5096 Scan started
20:48:20.0996 5096 Mode: Manual; SigCheck; TDLFS;
20:48:20.0996 5096 ============================================================
20:48:21.0526 5096 ================ Scan system memory ========================
20:48:21.0526 5096 System memory - ok
20:48:21.0526 5096 ================ Scan services =============================
20:48:21.0836 5096 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:48:22.0016 5096 1394ohci - ok
20:48:22.0086 5096 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:48:22.0116 5096 ACPI - ok
20:48:22.0166 5096 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:48:22.0226 5096 AcpiPmi - ok
20:48:22.0346 5096 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:48:22.0376 5096 AdobeARMservice - ok
20:48:22.0436 5096 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:48:22.0466 5096 adp94xx - ok
20:48:22.0496 5096 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:48:22.0516 5096 adpahci - ok
20:48:22.0546 5096 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:48:22.0586 5096 adpu320 - ok
20:48:22.0626 5096 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:48:22.0706 5096 AeLookupSvc - ok
20:48:22.0756 5096 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:48:22.0816 5096 AFD - ok
20:48:22.0866 5096 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:48:22.0906 5096 agp440 - ok
20:48:22.0946 5096 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:48:23.0026 5096 ALG - ok
20:48:23.0076 5096 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:48:23.0086 5096 aliide - ok
20:48:23.0156 5096 [ 98A2774D3F18C107874C8C1163EBE484 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:48:23.0226 5096 AMD External Events Utility - ok
20:48:23.0276 5096 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:48:23.0306 5096 amdide - ok
20:48:23.0356 5096 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:48:23.0416 5096 AmdK8 - ok
20:48:23.0446 5096 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:48:23.0516 5096 AmdPPM - ok
20:48:23.0566 5096 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:48:23.0576 5096 amdsata - ok
20:48:23.0626 5096 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:48:23.0646 5096 amdsbs - ok
20:48:23.0666 5096 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:48:23.0676 5096 amdxata - ok
20:48:23.0796 5096 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:48:23.0826 5096 AntiVirSchedulerService - ok
20:48:23.0896 5096 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:48:23.0926 5096 AntiVirService - ok
20:48:23.0986 5096 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:48:24.0056 5096 AppID - ok
20:48:24.0076 5096 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:48:24.0136 5096 AppIDSvc - ok
20:48:24.0196 5096 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:48:24.0266 5096 Appinfo - ok
20:48:24.0366 5096 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:48:24.0386 5096 Apple Mobile Device - ok
20:48:24.0426 5096 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:48:24.0446 5096 arc - ok
20:48:24.0466 5096 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:48:24.0476 5096 arcsas - ok
20:48:24.0606 5096 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:48:24.0626 5096 aspnet_state - ok
20:48:24.0656 5096 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:24.0716 5096 AsyncMac - ok
20:48:24.0766 5096 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:48:24.0806 5096 atapi - ok
20:48:24.0886 5096 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:48:24.0976 5096 athr - ok
20:48:25.0186 5096 [ 173F4C05F87085E9BDA3F7037BC9F40E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:48:25.0417 5096 atikmdag - ok
20:48:25.0477 5096 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:48:25.0567 5096 AudioEndpointBuilder - ok
20:48:25.0577 5096 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:48:25.0617 5096 AudioSrv - ok
20:48:25.0667 5096 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:48:25.0687 5096 avgntflt - ok
20:48:25.0767 5096 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:48:25.0797 5096 avipbb - ok
20:48:25.0817 5096 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:48:25.0827 5096 avkmgr - ok
20:48:25.0887 5096 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:48:25.0987 5096 AxInstSV - ok
20:48:26.0047 5096 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:48:26.0117 5096 b06bdrv - ok
20:48:26.0157 5096 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:48:26.0207 5096 b57nd60a - ok
20:48:26.0247 5096 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:48:26.0297 5096 BDESVC - ok
20:48:26.0347 5096 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:48:26.0447 5096 Beep - ok
20:48:26.0507 5096 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:48:26.0597 5096 BFE - ok
20:48:26.0627 5096 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:48:26.0707 5096 BITS - ok
20:48:26.0737 5096 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:48:26.0757 5096 blbdrive - ok
20:48:26.0847 5096 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:48:26.0877 5096 Bonjour Service - ok
20:48:26.0927 5096 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:48:26.0977 5096 bowser - ok
20:48:27.0017 5096 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:48:27.0087 5096 BrFiltLo - ok
20:48:27.0107 5096 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:48:27.0117 5096 BrFiltUp - ok
20:48:27.0167 5096 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:48:27.0227 5096 Browser - ok
20:48:27.0257 5096 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:48:27.0327 5096 Brserid - ok
20:48:27.0347 5096 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:48:27.0377 5096 BrSerWdm - ok
20:48:27.0417 5096 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:48:27.0477 5096 BrUsbMdm - ok
20:48:27.0487 5096 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:48:27.0527 5096 BrUsbSer - ok
20:48:27.0547 5096 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:48:27.0587 5096 BTHMODEM - ok
20:48:27.0627 5096 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:48:27.0727 5096 bthserv - ok
20:48:27.0787 5096 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:48:27.0827 5096 cdfs - ok
20:48:27.0877 5096 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:48:27.0927 5096 cdrom - ok
20:48:27.0977 5096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:48:28.0047 5096 CertPropSvc - ok
20:48:28.0127 5096 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
20:48:28.0147 5096 cfWiMAXService - ok
20:48:28.0187 5096 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:48:28.0257 5096 circlass - ok
20:48:28.0307 5096 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:48:28.0327 5096 CLFS - ok
20:48:28.0387 5096 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:28.0417 5096 clr_optimization_v2.0.50727_32 - ok
20:48:28.0477 5096 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:48:28.0517 5096 clr_optimization_v2.0.50727_64 - ok
20:48:28.0607 5096 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:28.0647 5096 clr_optimization_v4.0.30319_32 - ok
20:48:28.0647 5096 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:48:28.0667 5096 clr_optimization_v4.0.30319_64 - ok
20:48:28.0687 5096 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:48:28.0717 5096 CmBatt - ok
20:48:28.0737 5096 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:48:28.0757 5096 cmdide - ok
20:48:28.0807 5096 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:48:28.0877 5096 CNG - ok
20:48:28.0907 5096 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:48:28.0927 5096 Compbatt - ok
20:48:28.0957 5096 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:48:29.0007 5096 CompositeBus - ok
20:48:29.0027 5096 COMSysApp - ok
20:48:29.0067 5096 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
20:48:29.0087 5096 ConfigFree Gadget Service - ok
20:48:29.0117 5096 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:48:29.0127 5096 ConfigFree Service - ok
20:48:29.0157 5096 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:48:29.0177 5096 crcdisk - ok
20:48:29.0247 5096 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:48:29.0347 5096 CryptSvc - ok
20:48:29.0407 5096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:48:29.0487 5096 DcomLaunch - ok
20:48:29.0527 5096 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:48:29.0587 5096 defragsvc - ok
20:48:29.0627 5096 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:48:29.0687 5096 DfsC - ok
20:48:29.0747 5096 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:48:29.0827 5096 Dhcp - ok
20:48:29.0857 5096 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:48:29.0917 5096 discache - ok
20:48:29.0947 5096 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:48:29.0967 5096 Disk - ok
20:48:29.0997 5096 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:48:30.0047 5096 Dnscache - ok
20:48:30.0077 5096 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:48:30.0167 5096 dot3svc - ok
20:48:30.0197 5096 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:48:30.0267 5096 DPS - ok
20:48:30.0297 5096 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:48:30.0337 5096 drmkaud - ok
20:48:30.0397 5096 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:48:30.0457 5096 DXGKrnl - ok
20:48:30.0497 5096 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:48:30.0547 5096 EapHost - ok
20:48:30.0657 5096 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:48:30.0717 5096 ebdrv - ok
20:48:30.0757 5096 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:48:30.0837 5096 EFS - ok
20:48:30.0917 5096 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:48:31.0007 5096 ehRecvr - ok
20:48:31.0027 5096 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:48:31.0067 5096 ehSched - ok
20:48:31.0137 5096 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:48:31.0177 5096 elxstor - ok
20:48:31.0217 5096 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:48:31.0257 5096 ErrDev - ok
20:48:31.0297 5096 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:48:31.0377 5096 EventSystem - ok
20:48:31.0407 5096 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:48:31.0467 5096 exfat - ok
20:48:31.0487 5096 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:48:31.0547 5096 fastfat - ok
20:48:31.0627 5096 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:48:31.0697 5096 Fax - ok
20:48:31.0737 5096 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:48:31.0767 5096 fdc - ok
20:48:31.0807 5096 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:48:31.0867 5096 fdPHost - ok
20:48:31.0887 5096 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:48:31.0937 5096 FDResPub - ok
20:48:31.0957 5096 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:48:31.0967 5096 FileInfo - ok
20:48:32.0007 5096 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:48:32.0077 5096 Filetrace - ok
20:48:32.0117 5096 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:32.0147 5096 flpydisk - ok
20:48:32.0197 5096 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:48:32.0217 5096 FltMgr - ok
20:48:32.0277 5096 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:48:32.0327 5096 FontCache - ok
20:48:32.0388 5096 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:48:32.0418 5096 FontCache3.0.0.0 - ok
20:48:32.0448 5096 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:48:32.0458 5096 FsDepends - ok
20:48:32.0528 5096 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:48:32.0568 5096 fssfltr - ok
20:48:32.0708 5096 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:48:32.0748 5096 fsssvc - ok
20:48:32.0788 5096 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:48:32.0818 5096 Fs_Rec - ok
20:48:32.0868 5096 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:48:32.0908 5096 fvevol - ok
20:48:32.0948 5096 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:48:32.0968 5096 gagp30kx - ok
20:48:33.0068 5096 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:48:33.0108 5096 GameConsoleService - ok
20:48:33.0148 5096 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:48:33.0168 5096 GEARAspiWDM - ok
20:48:33.0228 5096 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:48:33.0298 5096 gpsvc - ok
20:48:33.0428 5096 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:33.0448 5096 gupdate - ok
20:48:33.0468 5096 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:33.0478 5096 gupdatem - ok
20:48:33.0508 5096 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:48:33.0568 5096 hcw85cir - ok
20:48:33.0618 5096 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:48:33.0678 5096 HdAudAddService - ok
20:48:33.0718 5096 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:48:33.0748 5096 HDAudBus - ok
20:48:33.0788 5096 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:48:33.0838 5096 HidBatt - ok
20:48:33.0858 5096 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:48:33.0888 5096 HidBth - ok
20:48:33.0918 5096 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:48:33.0958 5096 HidIr - ok
20:48:33.0988 5096 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:48:34.0058 5096 hidserv - ok
20:48:34.0118 5096 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:48:34.0138 5096 HidUsb - ok
20:48:34.0178 5096 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:48:34.0278 5096 hkmsvc - ok
20:48:34.0318 5096 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:48:34.0388 5096 HomeGroupListener - ok
20:48:34.0428 5096 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:48:34.0458 5096 HomeGroupProvider - ok
20:48:34.0538 5096 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:48:34.0548 5096 HpSAMD - ok
20:48:34.0608 5096 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:48:34.0668 5096 HTTP - ok
20:48:34.0738 5096 [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:48:34.0778 5096 hwdatacard - ok
20:48:34.0818 5096 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:48:34.0838 5096 hwpolicy - ok
20:48:34.0888 5096 [ 230C041AF8DF1D2308C3AC5146E3FF4F ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
20:48:34.0928 5096 hwusbdev - ok
20:48:34.0988 5096 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:48:35.0018 5096 i8042prt - ok
20:48:35.0058 5096 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:48:35.0078 5096 iaStor - ok
20:48:35.0118 5096 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:48:35.0148 5096 iaStorV - ok
20:48:35.0218 5096 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:48:35.0258 5096 idsvc - ok
20:48:35.0449 5096 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:48:35.0689 5096 igfx - ok
20:48:35.0729 5096 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:48:35.0759 5096 iirsp - ok
20:48:35.0809 5096 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:48:35.0879 5096 IKEEXT - ok
20:48:35.0999 5096 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:48:36.0069 5096 IntcAzAudAddService - ok
20:48:36.0099 5096 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:48:36.0109 5096 intelide - ok
20:48:36.0159 5096 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:48:36.0209 5096 intelppm - ok
20:48:36.0239 5096 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:48:36.0289 5096 IPBusEnum - ok
20:48:36.0339 5096 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:48:36.0389 5096 IpFilterDriver - ok
20:48:36.0429 5096 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:48:36.0469 5096 iphlpsvc - ok
20:48:36.0499 5096 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:48:36.0539 5096 IPMIDRV - ok
20:48:36.0579 5096 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:48:36.0629 5096 IPNAT - ok
20:48:36.0759 5096 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:48:36.0789 5096 iPod Service - ok
20:48:36.0809 5096 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:48:36.0839 5096 IRENUM - ok
20:48:36.0859 5096 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:48:36.0869 5096 isapnp - ok
20:48:36.0919 5096 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:48:36.0939 5096 iScsiPrt - ok
20:48:36.0949 5096 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:48:36.0969 5096 kbdclass - ok
20:48:36.0999 5096 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:48:37.0019 5096 kbdhid - ok
20:48:37.0029 5096 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:48:37.0049 5096 KeyIso - ok
20:48:37.0089 5096 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:48:37.0109 5096 KSecDD - ok
20:48:37.0149 5096 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:48:37.0169 5096 KSecPkg - ok
20:48:37.0199 5096 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:48:37.0259 5096 ksthunk - ok
20:48:37.0299 5096 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:48:37.0369 5096 KtmRm - ok
20:48:37.0409 5096 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:48:37.0489 5096 LanmanServer - ok
20:48:37.0519 5096 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:48:37.0579 5096 LanmanWorkstation - ok
20:48:37.0629 5096 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:48:37.0699 5096 lltdio - ok
20:48:37.0739 5096 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:48:37.0819 5096 lltdsvc - ok
20:48:37.0839 5096 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:48:37.0879 5096 lmhosts - ok
20:48:37.0909 5096 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
20:48:37.0919 5096 LPCFilter - ok
20:48:37.0949 5096 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:48:37.0959 5096 LSI_FC - ok
20:48:37.0979 5096 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:48:37.0989 5096 LSI_SAS - ok
20:48:38.0009 5096 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:48:38.0019 5096 LSI_SAS2 - ok
20:48:38.0049 5096 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:48:38.0069 5096 LSI_SCSI - ok
20:48:38.0109 5096 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:48:38.0179 5096 luafv - ok
20:48:38.0189 5096 massfilter - ok
20:48:38.0219 5096 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:48:38.0249 5096 Mcx2Svc - ok
20:48:38.0279 5096 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:48:38.0289 5096 megasas - ok
20:48:38.0329 5096 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:48:38.0349 5096 MegaSR - ok
20:48:38.0389 5096 [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
20:48:38.0399 5096 mfeavfk - ok
20:48:38.0419 5096 [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
20:48:38.0429 5096 mfehidk - ok
20:48:38.0469 5096 [ 624D717B11E5004F68442B5740F17F21 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys
20:48:38.0479 5096 mferkdk - ok
20:48:38.0489 5096 [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys
20:48:38.0499 5096 mfesmfk - ok
20:48:38.0599 5096 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:48:38.0639 5096 Microsoft Office Groove Audit Service - ok
20:48:38.0669 5096 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:48:38.0769 5096 MMCSS - ok
20:48:38.0809 5096 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:48:38.0899 5096 Modem - ok
20:48:38.0949 5096 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:48:39.0009 5096 monitor - ok
20:48:39.0069 5096 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:48:39.0109 5096 mouclass - ok
20:48:39.0149 5096 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:48:39.0199 5096 mouhid - ok
20:48:39.0249 5096 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:48:39.0279 5096 mountmgr - ok
20:48:39.0339 5096 [ D0431544D07A817C0959C73228A62AB0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:48:39.0349 5096 MozillaMaintenance - ok
20:48:39.0379 5096 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:48:39.0419 5096 mpio - ok
20:48:39.0449 5096 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:48:39.0489 5096 mpsdrv - ok
20:48:39.0549 5096 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:48:39.0609 5096 MpsSvc - ok
20:48:39.0659 5096 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:48:39.0699 5096 MRxDAV - ok
20:48:39.0739 5096 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:48:39.0779 5096 mrxsmb - ok
20:48:39.0819 5096 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:48:39.0849 5096 mrxsmb10 - ok
20:48:39.0889 5096 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:48:39.0919 5096 mrxsmb20 - ok
20:48:39.0959 5096 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:48:39.0999 5096 msahci - ok
20:48:40.0029 5096 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:48:40.0049 5096 msdsm - ok
20:48:40.0079 5096 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:48:40.0109 5096 MSDTC - ok
20:48:40.0159 5096 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:48:40.0199 5096 Msfs - ok
20:48:40.0209 5096 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:48:40.0269 5096 mshidkmdf - ok
20:48:40.0299 5096 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:48:40.0319 5096 msisadrv - ok
20:48:40.0369 5096 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:48:40.0420 5096 MSiSCSI - ok
20:48:40.0420 5096 msiserver - ok
20:48:40.0470 5096 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:48:40.0550 5096 MSKSSRV - ok
20:48:40.0580 5096 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:48:40.0640 5096 MSPCLOCK - ok
20:48:40.0660 5096 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:48:40.0720 5096 MSPQM - ok
20:48:40.0770 5096 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:48:40.0810 5096 MsRPC - ok
20:48:40.0850 5096 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:48:40.0860 5096 mssmbios - ok
20:48:40.0900 5096 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:48:40.0980 5096 MSTEE - ok
20:48:40.0990 5096 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:48:41.0010 5096 MTConfig - ok
20:48:41.0030 5096 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:48:41.0040 5096 Mup - ok
20:48:41.0090 5096 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:48:41.0180 5096 napagent - ok
20:48:41.0240 5096 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:48:41.0290 5096 NativeWifiP - ok
20:48:41.0350 5096 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:48:41.0390 5096 NDIS - ok
20:48:41.0430 5096 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:48:41.0520 5096 NdisCap - ok
20:48:41.0540 5096 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:48:41.0590 5096 NdisTapi - ok
20:48:41.0620 5096 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:48:41.0700 5096 Ndisuio - ok
20:48:41.0730 5096 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:48:41.0790 5096 NdisWan - ok
20:48:41.0830 5096 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:48:41.0890 5096 NDProxy - ok
20:48:41.0930 5096 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:48:42.0000 5096 NetBIOS - ok
20:48:42.0040 5096 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:48:42.0090 5096 NetBT - ok
20:48:42.0110 5096 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:48:42.0130 5096 Netlogon - ok
20:48:42.0170 5096 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:48:42.0260 5096 Netman - ok
20:48:42.0310 5096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0350 5096 NetMsmqActivator - ok
20:48:42.0360 5096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0370 5096 NetPipeActivator - ok
20:48:42.0400 5096 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:48:42.0460 5096 netprofm - ok
20:48:42.0540 5096 [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
20:48:42.0580 5096 netr7364 - ok
20:48:42.0610 5096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0630 5096 NetTcpActivator - ok
20:48:42.0630 5096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:42.0650 5096 NetTcpPortSharing - ok
20:48:42.0690 5096 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:48:42.0710 5096 nfrd960 - ok
20:48:42.0770 5096 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:48:42.0800 5096 NlaSvc - ok
20:48:42.0840 5096 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
20:48:42.0880 5096 nmwcd - ok
20:48:42.0930 5096 [ 31C1FAC4AE14FB2F8771C59BA3F90BAD ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
20:48:43.0020 5096 nmwcdc - ok
20:48:43.0080 5096 [ 9573223E205907247AE6D948E3453770 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
20:48:43.0130 5096 nmwcdnsux64 - ok
20:48:43.0160 5096 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:48:43.0200 5096 Npfs - ok
20:48:43.0240 5096 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:48:43.0290 5096 nsi - ok
20:48:43.0310 5096 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:48:43.0360 5096 nsiproxy - ok
20:48:43.0440 5096 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:48:43.0490 5096 Ntfs - ok
20:48:43.0520 5096 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:48:43.0570 5096 Null - ok
20:48:43.0620 5096 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:48:43.0640 5096 nvraid - ok
20:48:43.0660 5096 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:48:43.0680 5096 nvstor - ok
20:48:43.0730 5096 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:48:43.0750 5096 nv_agp - ok
20:48:43.0880 5096 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:48:43.0900 5096 odserv - ok
20:48:43.0930 5096 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:48:43.0960 5096 ohci1394 - ok
20:48:44.0030 5096 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:44.0040 5096 ose - ok
20:48:44.0080 5096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:48:44.0120 5096 p2pimsvc - ok
20:48:44.0150 5096 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:48:44.0170 5096 p2psvc - ok
20:48:44.0210 5096 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:48:44.0220 5096 Parport - ok
20:48:44.0270 5096 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:48:44.0280 5096 partmgr - ok
20:48:44.0320 5096 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:48:44.0350 5096 PcaSvc - ok
20:48:44.0400 5096 pccsmcfd - ok
20:48:44.0440 5096 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:48:44.0460 5096 pci - ok
20:48:44.0480 5096 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:48:44.0500 5096 pciide - ok
20:48:44.0530 5096 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:48:44.0550 5096 pcmcia - ok
20:48:44.0570 5096 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:48:44.0580 5096 pcw - ok
20:48:44.0610 5096 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:48:44.0680 5096 PEAUTH - ok
20:48:44.0750 5096 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:48:44.0790 5096 PerfHost - ok
20:48:44.0850 5096 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
20:48:44.0870 5096 PGEffect - ok
20:48:44.0950 5096 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:48:45.0040 5096 pla - ok
20:48:45.0100 5096 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:48:45.0140 5096 PlugPlay - ok
20:48:45.0170 5096 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:48:45.0210 5096 PNRPAutoReg - ok
20:48:45.0240 5096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:48:45.0260 5096 PNRPsvc - ok
20:48:45.0310 5096 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:48:45.0370 5096 PolicyAgent - ok
20:48:45.0410 5096 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:48:45.0470 5096 Power - ok
20:48:45.0530 5096 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:48:45.0620 5096 PptpMiniport - ok
20:48:45.0650 5096 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:48:45.0690 5096 Processor - ok
20:48:45.0730 5096 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:48:45.0780 5096 ProfSvc - ok
20:48:45.0790 5096 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:45.0810 5096 ProtectedStorage - ok
20:48:45.0850 5096 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:48:45.0900 5096 Psched - ok
20:48:45.0950 5096 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:48:45.0990 5096 ql2300 - ok
20:48:46.0030 5096 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:48:46.0040 5096 ql40xx - ok
20:48:46.0080 5096 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:48:46.0130 5096 QWAVE - ok
20:48:46.0140 5096 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:48:46.0160 5096 QWAVEdrv - ok
20:48:46.0190 5096 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:48:46.0270 5096 RasAcd - ok
20:48:46.0330 5096 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:48:46.0380 5096 RasAgileVpn - ok
20:48:46.0410 5096 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:48:46.0480 5096 RasAuto - ok
20:48:46.0530 5096 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:46.0590 5096 Rasl2tp - ok
20:48:46.0640 5096 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:48:46.0750 5096 RasMan - ok
20:48:46.0790 5096 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:46.0840 5096 RasPppoe - ok
20:48:46.0870 5096 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:48:46.0920 5096 RasSstp - ok
20:48:46.0960 5096 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:48:47.0020 5096 rdbss - ok
20:48:47.0050 5096 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:48:47.0090 5096 rdpbus - ok
20:48:47.0110 5096 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:47.0160 5096 RDPCDD - ok
20:48:47.0190 5096 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:48:47.0240 5096 RDPENCDD - ok
20:48:47.0250 5096 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:48:47.0290 5096 RDPREFMP - ok
20:48:47.0330 5096 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:48:47.0400 5096 RDPWD - ok
20:48:47.0441 5096 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:48:47.0461 5096 rdyboost - ok
20:48:47.0491 5096 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:48:47.0561 5096 RemoteAccess - ok
20:48:47.0592 5096 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:48:47.0642 5096 RemoteRegistry - ok
20:48:47.0662 5096 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:48:47.0722 5096 RpcEptMapper - ok
20:48:47.0752 5096 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:48:47.0782 5096 RpcLocator - ok
20:48:47.0832 5096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:48:47.0902 5096 RpcSs - ok
20:48:47.0952 5096 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:48:48.0032 5096 rspndr - ok
20:48:48.0092 5096 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:48:48.0162 5096 RSUSBSTOR - ok
20:48:48.0212 5096 [ 483C537E69FA97C77F7FE0E2E1C1F102 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
20:48:48.0242 5096 RTHDMIAzAudService - ok
20:48:48.0302 5096 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:48:48.0342 5096 RTL8167 - ok
20:48:48.0422 5096 [ A9EDE191B5478D18F0A1BFF3B822F7A5 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
20:48:48.0482 5096 rtl8192se - ok
20:48:48.0502 5096 RtsUIR - ok
20:48:48.0522 5096 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:48:48.0542 5096 SamSs - ok
20:48:48.0582 5096 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:48:48.0602 5096 sbp2port - ok
20:48:48.0632 5096 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:48:48.0692 5096 SCardSvr - ok
20:48:48.0722 5096 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:48:48.0772 5096 scfilter - ok
20:48:48.0822 5096 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:48:48.0892 5096 Schedule - ok
20:48:48.0932 5096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:48:48.0972 5096 SCPolicySvc - ok
20:48:49.0002 5096 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:48:49.0052 5096 SDRSVC - ok
20:48:49.0092 5096 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:48:49.0152 5096 secdrv - ok
20:48:49.0192 5096 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:48:49.0252 5096 seclogon - ok
20:48:49.0282 5096 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:48:49.0332 5096 SENS - ok
20:48:49.0372 5096 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:48:49.0402 5096 SensrSvc - ok
20:48:49.0432 5096 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:48:49.0442 5096 Serenum - ok
20:48:49.0472 5096 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:48:49.0502 5096 Serial - ok
20:48:49.0532 5096 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:48:49.0542 5096 sermouse - ok
20:48:49.0582 5096 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:48:49.0662 5096 SessionEnv - ok
20:48:49.0692 5096 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:48:49.0722 5096 sffdisk - ok
20:48:49.0732 5096 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:48:49.0752 5096 sffp_mmc - ok
20:48:49.0772 5096 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:48:49.0792 5096 sffp_sd - ok
20:48:49.0842 5096 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:48:49.0882 5096 sfloppy - ok
20:48:49.0932 5096 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:48:50.0012 5096 SharedAccess - ok
20:48:50.0052 5096 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:50.0112 5096 ShellHWDetection - ok
20:48:50.0132 5096 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:48:50.0142 5096 SiSRaid2 - ok
20:48:50.0182 5096 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:48:50.0192 5096 SiSRaid4 - ok
20:48:50.0242 5096 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:48:50.0252 5096 SkypeUpdate - ok
20:48:50.0272 5096 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:48:50.0362 5096 Smb - ok
20:48:50.0402 5096 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:48:50.0432 5096 SNMPTRAP - ok
20:48:50.0462 5096 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:48:50.0472 5096 spldr - ok
20:48:50.0522 5096 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:48:50.0602 5096 Spooler - ok
20:48:50.0732 5096 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:48:50.0932 5096 sppsvc - ok
20:48:50.0962 5096 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:48:51.0012 5096 sppuinotify - ok
20:48:51.0092 5096 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
20:48:51.0092 5096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
20:48:51.0092 5096 sptd ( LockedFile.Multi.Generic ) - warning
20:48:51.0092 5096 sptd - detected LockedFile.Multi.Generic (1)
20:48:51.0152 5096 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:48:51.0192 5096 srv - ok
20:48:51.0222 5096 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:48:51.0252 5096 srv2 - ok
20:48:51.0292 5096 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:48:51.0332 5096 srvnet - ok
20:48:51.0372 5096 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:48:51.0452 5096 SSDPSRV - ok
20:48:51.0472 5096 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:48:51.0512 5096 SstpSvc - ok
20:48:51.0642 5096 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
20:48:51.0662 5096 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
20:48:51.0662 5096 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
20:48:51.0682 5096 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:48:51.0702 5096 stexstor - ok
20:48:51.0762 5096 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:48:51.0802 5096 stisvc - ok
20:48:51.0852 5096 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:48:51.0872 5096 swenum - ok
20:48:51.0912 5096 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:48:51.0972 5096 swprv - ok
20:48:52.0032 5096 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:48:52.0042 5096 SynTP - ok
20:48:52.0132 5096 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:48:52.0202 5096 SysMain - ok
20:48:52.0242 5096 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:52.0302 5096 TabletInputService - ok
20:48:52.0332 5096 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:48:52.0382 5096 TapiSrv - ok
20:48:52.0402 5096 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:48:52.0452 5096 TBS - ok
20:48:52.0552 5096 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:48:52.0612 5096 Tcpip - ok
20:48:52.0682 5096 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:48:52.0742 5096 TCPIP6 - ok
20:48:52.0782 5096 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:48:52.0802 5096 tcpipreg - ok
20:48:52.0862 5096 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:48:52.0892 5096 tdcmdpst - ok
20:48:52.0932 5096 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:48:52.0982 5096 TDPIPE - ok
20:48:53.0022 5096 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:48:53.0072 5096 TDTCP - ok
20:48:53.0122 5096 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:48:53.0212 5096 tdx - ok
20:48:53.0342 5096 [ 960C1194DC43744C4851995F7DAF0552 ] TeamViewer5 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
20:48:53.0382 5096 TeamViewer5 - ok
20:48:53.0462 5096 [ 63B4F544664DC5154FDA4213E2AF09D0 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
20:48:53.0492 5096 TemproMonitoringService - ok
20:48:53.0512 5096 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:48:53.0532 5096 TermDD - ok
20:48:53.0582 5096 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:48:53.0662 5096 TermService - ok
20:48:53.0692 5096 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:48:53.0732 5096 Themes - ok
20:48:53.0762 5096 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:48:53.0812 5096 THREADORDER - ok
20:48:53.0882 5096 [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:48:53.0912 5096 TMachInfo - ok
20:48:53.0942 5096 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
20:48:53.0972 5096 TODDSrv - ok
20:48:54.0062 5096 [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:48:54.0092 5096 TosCoSrv - ok
20:48:54.0172 5096 [ AB2D61A032A01BF9E84F03CAA9D22932 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:48:54.0202 5096 TOSHIBA Bluetooth Service - ok
20:48:54.0272 5096 [ 707800855AFBD7648375EFB1519B8D6D ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:48:54.0292 5096 TOSHIBA eco Utility Service - ok
20:48:54.0352 5096 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:48:54.0372 5096 TOSHIBA HDD SSD Alert Service - ok
20:48:54.0412 5096 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
20:48:54.0442 5096 tosporte - ok
20:48:54.0462 5096 [ 71BB669BFCADE1580FDCE010ABC76310 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
20:48:54.0472 5096 tosrfbd - ok
20:48:54.0492 5096 [ 62512B5277D88600F8BD4B7AEC43569D ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
20:48:54.0502 5096 tosrfbnp - ok
20:48:54.0512 5096 [ C523A9186C39D65CC9ADEBB2E1B93CCD ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
20:48:54.0522 5096 Tosrfcom - ok
20:48:54.0572 5096 [ 11699D47B3491D86249C168496D55C92 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
20:48:54.0592 5096 tosrfec - ok
20:48:54.0642 5096 [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
20:48:54.0672 5096 Tosrfhid - ok
20:48:54.0692 5096 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
20:48:54.0702 5096 tosrfnds - ok
20:48:54.0722 5096 [ E1E045240C1184FA6628F3C7E7FF85D8 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
20:48:54.0732 5096 TosRfSnd - ok
20:48:54.0782 5096 [ DA7AA562448E29CA895895920BFF8946 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
20:48:54.0802 5096 Tosrfusb - ok
20:48:54.0852 5096 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
20:48:54.0902 5096 tos_sps64 - ok
20:48:54.0972 5096 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:48:55.0002 5096 TPCHSrv - ok
20:48:55.0042 5096 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:48:55.0102 5096 TrkWks - ok
20:48:55.0172 5096 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:55.0252 5096 TrustedInstaller - ok
20:48:55.0292 5096 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:55.0342 5096 tssecsrv - ok
20:48:55.0402 5096 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:48:55.0462 5096 TsUsbFlt - ok
20:48:55.0502 5096 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:48:55.0562 5096 tunnel - ok
20:48:55.0612 5096 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:48:55.0622 5096 TVALZ - ok
20:48:55.0652 5096 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
20:48:55.0662 5096 TVALZFL - ok
20:48:55.0692 5096 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:48:55.0712 5096 uagp35 - ok
20:48:55.0752 5096 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:48:55.0812 5096 udfs - ok
20:48:55.0852 5096 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:48:55.0892 5096 UI0Detect - ok
20:48:55.0922 5096 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:48:55.0942 5096 uliagpkx - ok
20:48:56.0002 5096 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:48:56.0042 5096 umbus - ok
20:48:56.0072 5096 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:48:56.0082 5096 UmPass - ok
20:48:56.0132 5096 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:48:56.0192 5096 upnphost - ok
20:48:56.0252 5096 [ FBD861E69E1F583BEC906FCD04E4F84E ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:48:56.0322 5096 upperdev - ok
20:48:56.0362 5096 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:48:56.0402 5096 USBAAPL64 - ok
20:48:56.0443 5096 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:56.0473 5096 usbccgp - ok
20:48:56.0483 5096 USBCCID - ok
20:48:56.0523 5096 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:48:56.0563 5096 usbcir - ok
20:48:56.0603 5096 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:48:56.0643 5096 usbehci - ok
20:48:56.0673 5096 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:48:56.0713 5096 usbhub - ok
20:48:56.0743 5096 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:48:56.0793 5096 usbohci - ok
20:48:56.0823 5096 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:48:56.0883 5096 usbprint - ok
20:48:56.0913 5096 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:48:56.0943 5096 usbscan - ok
20:48:56.0993 5096 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
20:48:57.0063 5096 usbser - ok
20:48:57.0093 5096 [ 0FBB0080B287BBCBF5C7076E3D74A35C ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:48:57.0133 5096 UsbserFilt - ok
20:48:57.0163 5096 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:57.0213 5096 USBSTOR - ok
20:48:57.0243 5096 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:48:57.0283 5096 usbuhci - ok
20:48:57.0343 5096 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:48:57.0383 5096 usbvideo - ok
20:48:57.0403 5096 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:48:57.0453 5096 UxSms - ok
20:48:57.0473 5096 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:48:57.0483 5096 VaultSvc - ok
20:48:57.0543 5096 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:48:57.0573 5096 vdrvroot - ok
20:48:57.0623 5096 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:48:57.0703 5096 vds - ok
20:48:57.0733 5096 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:57.0753 5096 vga - ok
20:48:57.0763 5096 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:48:57.0813 5096 VgaSave - ok
20:48:57.0853 5096 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:48:57.0873 5096 vhdmp - ok
20:48:57.0883 5096 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:48:57.0903 5096 viaide - ok
20:48:57.0913 5096 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:48:57.0933 5096 volmgr - ok
20:48:57.0963 5096 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:48:57.0983 5096 volmgrx - ok
20:48:58.0003 5096 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:48:58.0023 5096 volsnap - ok
20:48:58.0103 5096 [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
20:48:58.0133 5096 vpnagent - ok
20:48:58.0183 5096 [ 0E4DF91E83DA5739FFB18535D4DB10AA ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
20:48:58.0203 5096 vpnva - ok
20:48:58.0253 5096 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:48:58.0273 5096 vsmraid - ok
20:48:58.0413 5096 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:48:58.0483 5096 VSS - ok
20:48:58.0523 5096 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:48:58.0543 5096 vwifibus - ok
20:48:58.0573 5096 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:48:58.0623 5096 vwififlt - ok
20:48:58.0663 5096 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:48:58.0713 5096 vwifimp - ok
20:48:58.0773 5096 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:48:58.0833 5096 W32Time - ok
20:48:58.0863 5096 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:48:58.0883 5096 WacomPen - ok
20:48:58.0983 5096 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:48:59.0053 5096 WANARP - ok
20:48:59.0063 5096 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:48:59.0093 5096 Wanarpv6 - ok
20:48:59.0203 5096 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:59.0253 5096 WatAdminSvc - ok
20:48:59.0333 5096 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:48:59.0373 5096 wbengine - ok
20:48:59.0413 5096 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:48:59.0433 5096 WbioSrvc - ok
20:48:59.0483 5096 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:48:59.0503 5096 wcncsvc - ok
20:48:59.0513 5096 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:59.0543 5096 WcsPlugInService - ok
20:48:59.0563 5096 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:48:59.0573 5096 Wd - ok
20:48:59.0633 5096 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:48:59.0673 5096 Wdf01000 - ok
20:48:59.0683 5096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:48:59.0793 5096 WdiServiceHost - ok
20:48:59.0803 5096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:48:59.0823 5096 WdiSystemHost - ok
20:48:59.0863 5096 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:48:59.0903 5096 WebClient - ok
20:48:59.0933 5096 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:48:59.0993 5096 Wecsvc - ok
20:49:00.0023 5096 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:49:00.0063 5096 wercplsupport - ok
20:49:00.0103 5096 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:49:00.0153 5096 WerSvc - ok
20:49:00.0193 5096 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:49:00.0233 5096 WfpLwf - ok
20:49:00.0253 5096 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:49:00.0263 5096 WIMMount - ok
20:49:00.0273 5096 WinDefend - ok
20:49:00.0283 5096 WinHttpAutoProxySvc - ok
20:49:00.0343 5096 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:49:00.0413 5096 Winmgmt - ok
20:49:00.0513 5096 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:49:00.0603 5096 WinRM - ok
20:49:00.0663 5096 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:49:00.0723 5096 WinUsb - ok
20:49:00.0763 5096 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:49:00.0823 5096 Wlansvc - ok
20:49:00.0873 5096 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:49:00.0903 5096 wlcrasvc - ok
20:49:01.0033 5096 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:49:01.0083 5096 wlidsvc - ok
20:49:01.0123 5096 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:49:01.0173 5096 WmiAcpi - ok
20:49:01.0203 5096 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:49:01.0233 5096 wmiApSrv - ok
20:49:01.0283 5096 WMPNetworkSvc - ok
20:49:01.0303 5096 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:49:01.0323 5096 WPCSvc - ok
20:49:01.0363 5096 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:49:01.0403 5096 WPDBusEnum - ok
20:49:01.0423 5096 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:49:01.0484 5096 ws2ifsl - ok
20:49:01.0524 5096 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:49:01.0564 5096 wscsvc - ok
20:49:01.0574 5096 WSearch - ok
20:49:01.0674 5096 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:49:01.0764 5096 wuauserv - ok
20:49:01.0794 5096 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:49:01.0824 5096 WudfPf - ok
20:49:01.0864 5096 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:49:01.0894 5096 WUDFRd - ok
20:49:01.0934 5096 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:49:01.0964 5096 wudfsvc - ok
20:49:01.0994 5096 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:49:02.0054 5096 WwanSvc - ok
20:49:02.0124 5096 ================ Scan global ===============================
20:49:02.0154 5096 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:49:02.0194 5096 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:49:02.0204 5096 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:49:02.0234 5096 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:49:02.0264 5096 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:49:02.0274 5096 [Global] - ok
20:49:02.0274 5096 ================ Scan MBR ==================================
20:49:02.0284 5096 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:49:03.0274 5096 \Device\Harddisk0\DR0 - ok
20:49:03.0284 5096 ================ Scan VBR ==================================
20:49:03.0314 5096 [ 96168BF4158CF948CAED85769E36259A ] \Device\Harddisk0\DR0\Partition1
20:49:03.0314 5096 \Device\Harddisk0\DR0\Partition1 - ok
20:49:03.0344 5096 [ FAD7D6E3CA08692AFFAF65FAB5AE13EF ] \Device\Harddisk0\DR0\Partition2
20:49:03.0344 5096 \Device\Harddisk0\DR0\Partition2 - ok
20:49:03.0354 5096 ============================================================
20:49:03.0354 5096 Scan finished
20:49:03.0354 5096 ============================================================
20:49:03.0374 3600 Detected object count: 2
20:49:03.0374 3600 Actual detected object count: 2
20:49:14.0745 3600 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:49:14.0745 3600 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:49:14.0755 3600 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:14.0755 3600 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
30.12.2012, 20:54
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Department Control Trojaner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2012, 21:10
| #9 |
| | Polizei Department Control Trojaner so auch das wär erledigt ComboFix Log: Code:
ATTFilter ComboFix 12-12-30.01 - Admir 30.12.2012 20:58:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2469 [GMT 1:00]
ausgeführt von:: c:\users\Admir\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\A1
c:\program files (x86)\A1\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
c:\program files (x86)\A1\A1 Breitband\A1Breitband.chm
c:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
c:\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe
c:\program files (x86)\A1\A1 Breitband\inifiles.dat
c:\program files (x86)\A1\A1 Breitband\ipworks6.dll
c:\program files (x86)\A1\A1 Diagnose\A1CMDTool.exe
c:\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe
c:\program files (x86)\A1\A1 Diagnose\A1Mailboxen.exe
c:\program files (x86)\A1\A1 Diagnose\A1Modemkonfigurator.exe
c:\program files (x86)\A1\A1 Diagnose\A1WLANAssistent.exe
c:\program files (x86)\A1\A1 Diagnose\inifiles.dat
c:\program files (x86)\A1\A1 Diagnose\ipworks6.dll
c:\program files (x86)\A1\A1 Diagnose\KCO.exe
c:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.chm
c:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.exe
c:\program files (x86)\A1\A1 Modemwechsel\inifiles.dat
c:\program files (x86)\A1\A1 Modemwechsel\ipworks6.dll
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
c:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
c:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_black.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_green.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_up_green.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq_open.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonLeft.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonRight.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\cd_intro.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_info.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_bl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_br.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tr.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\intro.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back_black.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_black.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_next.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_prev.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware_green.png
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
c:\program files (x86)\A1\A1 Servicecenter\Content\index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\manuals.html
c:\program files (x86)\A1\A1 Servicecenter\Content\software.html
c:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
c:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
c:\program files (x86)\A1\A1 Servicecenter\libcef.dll
c:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
c:\program files (x86)\A1\A1 Servicecenter\Start.exe
c:\program files (x86)\A1\A1 Servicecenter\Start.ini
c:\program files (x86)\A1\A1 Update\M2Updater.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-30 ))))))))))))))))))))))))))))))
.
.
2012-12-30 20:07 . 2012-12-30 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-30 17:00 . 2012-12-30 17:00 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-30 15:14 . 2012-12-30 15:14 -------- d-----w- C:\_OTL
2012-12-30 12:53 . 2012-12-30 12:53 -------- d-----w- c:\program files\Enigma Software Group
2012-12-30 12:38 . 2012-12-30 12:38 2890 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-27 17:05 . 2012-12-27 17:05 -------- d-----w- c:\program files (x86)\Deluxe Ski Jump 4
2012-12-27 17:05 . 2012-12-27 17:05 -------- d-----w- c:\users\Admir\AppData\Local\Programs
2012-12-24 14:47 . 2012-12-24 14:47 -------- d-----w- c:\program files (x86)\Deluxe Ski Jump 3
2012-12-22 01:12 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 01:12 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 01:12 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 01:12 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 10:41 . 2012-12-20 10:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-20 10:41 . 2012-12-20 10:41 -------- d-----w- c:\program files\iTunes
2012-12-20 10:41 . 2012-12-20 10:41 -------- d-----w- c:\program files (x86)\iTunes
2012-12-20 10:41 . 2012-12-20 10:41 -------- d-----w- c:\program files\iPod
2012-12-13 21:26 . 2012-12-13 21:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-13 21:26 . 2012-12-13 21:26 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-13 21:26 . 2012-12-13 21:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-13 21:26 . 2012-12-13 21:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 20:11 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-12 20:11 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-12 20:06 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 20:06 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2010-11-14 10:17 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 20:16 . 2009-12-20 10:46 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 14:54 . 2012-11-03 21:49 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 14:54 . 2012-11-03 21:49 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-26 19:06 . 2012-11-26 19:06 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-11-20 10:25 . 2012-04-21 09:25 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-20 10:25 . 2011-10-12 20:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 15:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:38 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 07:19 . 2012-11-02 09:55 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6C620D4-2327-4001-BBA1-CAE8A259B2D0}\mpengine.dll
2012-10-09 18:17 . 2012-11-15 08:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 08:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 08:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 08:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 20:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 08:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 08:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 08:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 08:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 08:53 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 08:53 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 08:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 08:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 08:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 08:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 08:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-21 83336]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Admir\Desktop\mbar\mbar.exe" [2012-12-04 1342312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-6 2680160]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"=hex(0):45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,\
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-26 503352]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35127024
*NewlyCreated* - ASWMBR
*Deregistered* - 35127024
*Deregistered* - aswMBR
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\
FF - ExtSQL: 2012-12-04 22:01; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - ExtSQL: 2012-12-04 22:01; {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}; c:\program files (x86)\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
FF - ExtSQL: 2012-12-07 12:53; testpilot@labs.mozilla.com; c:\users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\extensions\testpilot@labs.mozilla.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"=hex:51,66,7a,6c,4c,1d,38,12,bc,cc,0b,
54,7f,ce,f7,09,e0,97,66,aa,ef,79,2d,ca
"{945C8270-A848-11D5-A805-00B0D092F45B}"=hex:51,66,7a,6c,4c,1d,38,12,1e,81,4f,
90,7a,e6,bb,54,d7,13,43,f0,d5,cc,b0,4f
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{82D2E569-25A7-4E4D-9FA3-C5025B4B7912}"=hex:51,66,7a,6c,4c,1d,38,12,07,e6,c1,
86,95,6b,23,0b,e0,b5,86,42,5e,15,3d,06
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E87806B5-E908-45FD-AF5E-957D83E58E68}"=hex:51,66,7a,6c,4c,1d,38,12,db,05,6b,
ec,3a,a7,93,00,d0,48,d6,3d,86,bb,ca,7c
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dd,8d,e2,ff,0c,ba,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,cb,bb,54,0e,35,4f,4b,b6,fb,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,cb,bb,54,0e,35,4f,4b,b6,fb,8d,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-30 21:09:38
ComboFix-quarantined-files.txt 2012-12-30 20:09
.
Vor Suchlauf: 14 Verzeichnis(se), 82.608.242.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 82.611.347.456 Bytes frei
.
- - End Of File - - 1E4090D423655B9A1C0D5346B33018E6
|
|
30.12.2012, 23:11
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Department Control Trojaner Hm, scheint so als würde Combofix das Programm A1 immer noch nicht mögen...  Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Dequarantine::
C:\Qoobox\Quarantine\c\program files (x86)\A1
Quit::
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2012, 23:25
| #11 |
| | Polizei Department Control Trojaner hab das auch gemacht und den computer neugestartet, weil das Internet nicht mehr gegangen ist. hier die Log-Datei: Code:
ATTFilter C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe -> C:\program files (x86)\A1\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\A1Breitband.chm -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\A1Breitband.exe -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\inifiles.dat -> C:\program files (x86)\A1\A1 Breitband\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\ipworks6.dll -> C:\program files (x86)\A1\A1 Breitband\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe -> C:\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1CMDTool.exe -> C:\program files (x86)\A1\A1 Diagnose\A1CMDTool.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe -> C:\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1Mailboxen.exe -> C:\program files (x86)\A1\A1 Diagnose\A1Mailboxen.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1Modemkonfigurator.exe -> C:\program files (x86)\A1\A1 Diagnose\A1Modemkonfigurator.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\A1WLANAssistent.exe -> C:\program files (x86)\A1\A1 Diagnose\A1WLANAssistent.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\inifiles.dat -> C:\program files (x86)\A1\A1 Diagnose\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\ipworks6.dll -> C:\program files (x86)\A1\A1 Diagnose\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Diagnose\KCO.exe -> C:\program files (x86)\A1\A1 Diagnose\KCO.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.chm -> C:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.exe -> C:\program files (x86)\A1\A1 Modemwechsel\A1Modemwechsel.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\inifiles.dat -> C:\program files (x86)\A1\A1 Modemwechsel\inifiles.dat
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Modemwechsel\ipworks6.dll -> C:\program files (x86)\A1\A1 Modemwechsel\ipworks6.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\icudt42.dll -> C:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\libcef.dll -> C:\program files (x86)\A1\A1 Servicecenter\libcef.dll
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\reqdata.cfg -> C:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.exe -> C:\program files (x86)\A1\A1 Servicecenter\Start.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\broadband.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\index.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\manuals.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\manuals.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\software.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\software.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\wlan.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_black.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_black.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_green.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_down_green.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_up_green.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\arrow_up_green.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq_open.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_faq_open.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonLeft.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonLeft.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonRight.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_sliderButtonRight.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\cd_intro.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\cd_intro.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\icon_info.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_info.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_bl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_bl.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_br.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_br.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_tl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tl.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\info_tr.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\info_tr.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\intro.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\intro.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back_black.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back_black.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_black.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_black.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_next.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_next.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_prev.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\productslider_prev.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_diagnose_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_internet_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_mail_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_manuals_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_wlan_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware_green.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\start_zusatzsoftware_green.png
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Update\M2Updater.exe -> C:\program files (x86)\A1\A1 Update\M2Updater.exe
101 Datei(en) kopiert
|
|
30.12.2012, 23:30
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Department Control Trojaner adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2012, 23:40
| #13 |
| | Polizei Department Control Trojaner Suche bei adwCleaner: Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 23:38:39 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admir - ADMIR-TOSHIBA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admir\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\4uyw43bj.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Admir\AppData\Roaming\Mozilla\Firefox\Profiles\w89gi4f3.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [15120 octets] - [30/12/2012 17:49:18]
AdwCleaner[R2].txt - [1059 octets] - [30/12/2012 23:38:39]
AdwCleaner[S1].txt - [14835 octets] - [30/12/2012 17:50:26]
########## EOF - C:\AdwCleaner[R2].txt - [1180 octets] ##########
|
|
30.12.2012, 23:54
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Department Control Trojaner Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.12.2012, 00:10
| #15 |
| | Polizei Department Control Trojaner OTL.txt: Code:
ATTFilter OTL logfile created on: 30.12.2012 23:56:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admir\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,95% Memory free 7,93 Gb Paging File | 6,06 Gb Available in Paging File | 76,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 80,87 Gb Free Space | 43,41% Space Free | Partition Type: NTFS Drive D: | 185,91 Gb Total Space | 58,62 Gb Free Space | 31,53% Space Free | Partition Type: NTFS Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admir\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 D7 23 54 64 A1 CD 01 [binary data] IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{1C143B6F-D94F-4DB1-BECE-72EE4C785825}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deAT358AT358 IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\SearchScopes\{E9969677-A2EF-438A-8B3C-249F8E9676B8}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BB0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11%7D:0.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..network.proxy.backup.ftp: ":" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: ":" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: ":" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac" FF - prefs.js..network.proxy.ssl: "hxxp://www2.wu.ac.at/bib/cgi-bin/proxy.pac" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 13:19:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.30 13:19:20 | 000,000,000 | ---D | M] [2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Extensions [2012.12.07 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\4uyw43bj.default\extensions [2012.12.07 12:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\Firefox\Profiles\w89gi4f3.default\extensions [2012.09.12 19:34:28 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\4uyw43bj.default\extensions\testpilot@labs.mozilla.com.xpi [2012.12.07 12:53:07 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Admir\AppData\Roaming\mozilla\firefox\profiles\w89gi4f3.default\extensions\testpilot@labs.mozilla.com.xpi [2012.12.30 13:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.30 13:19:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.12.30 13:19:19 | 000,000,000 | ---D | M] (A1 Servicecenter) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11} [2012.12.30 13:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.30 13:19:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.13 20:36:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.13 20:36:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.13 20:36:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.13 20:36:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.13 20:36:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.13 20:36:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Admir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Admir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.12.30 21:07:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O3 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-2063069217-60928023-77756203-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - Startup: C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2063069217-60928023-77756203-1001\..Trusted Domains: blank ([]about in Local intranet) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490465FE-1230-4D68-93BA-0B2E32E641AE}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2063069217-60928023-77756203-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.30 23:22:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.30 23:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A1 [2012.12.30 23:15:01 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.12.30 21:09:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.30 20:57:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.30 20:57:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.30 20:57:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.30 20:57:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.30 20:55:55 | 005,015,826 | R--- | C] (Swearware) -- C:\Users\Admir\Desktop\ComboFix.exe [2012.12.30 20:23:19 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admir\Desktop\tdsskiller.exe [2012.12.30 20:16:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admir\Desktop\aswMBR.exe [2012.12.30 19:11:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\Desktop\mbar [2012.12.30 16:14:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.30 15:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe [2012.12.30 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2012.12.30 13:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.12.30 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.30 12:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7BDBB1C7-E847-446A-B165-4DAFEF139D4E} [2012.12.29 10:36:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{49C539E5-ADF2-481B-9A1B-3001F8F7487B} [2012.12.28 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E6A39827-331B-4BDD-BB24-5FA66DCF0AA6} [2012.12.27 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 4 [2012.12.27 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2012.12.27 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 4 [2012.12.27 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\Programs [2012.12.27 12:52:16 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{208D83C4-73C4-4B7B-A12F-2B24C722B768} [2012.12.27 00:51:52 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{DDB1C3A3-C527-4CA1-81CC-D35384402E85} [2012.12.26 11:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E13C91EF-7E39-4C99-B9D9-AE3D581808F3} [2012.12.25 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{FA5E66E0-DF62-44A1-AB06-470F0FD56997} [2012.12.24 23:12:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3F313C9B-06B4-439F-BEED-E4F6E8C5B689} [2012.12.24 15:47:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Deluxe Ski Jump 3 [2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 3 [2012.12.24 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluxe Ski Jump 3 [2012.12.24 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7ADD7824-8E85-48DB-999D-973659544294} [2012.12.23 13:52:34 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EC67A73E-5EEA-4A25-84BC-1D461D79F0D2} [2012.12.22 12:06:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B0BB9356-B161-468C-B79D-4E215B581BBD} [2012.12.22 02:12:29 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.22 02:12:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.22 02:12:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.22 02:12:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 23:10:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{61080790-FEEB-429F-84D9-EE34A08ACDCD} [2012.12.21 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EA0B8376-761C-4FC0-AFAA-A0F808EA15DD} [2012.12.20 11:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.20 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.20 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D6B14BF-68F2-4B8E-82C2-919345327FD5} [2012.12.19 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7A914B22-5C1B-4657-BA1B-E683C616163B} [2012.12.19 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{3221DDE6-1EB2-4B6D-87D5-FBAE950B768F} [2012.12.19 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9E3D4D77-E273-4A87-881F-2E72C5182223} [2012.12.18 16:32:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{56E01F32-DE16-473D-B814-97DD11C98D72} [2012.12.18 09:42:15 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5F8195DD-847C-4527-BAEB-12D395ED33AD} [2012.12.17 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{264C8A50-9910-494B-A517-2E1FD013F6BE} [2012.12.17 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{D3E0682E-F7B3-4C8E-9DAE-9EDF7DD3EA49} [2012.12.16 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{E768AF08-1424-411B-98BD-6C8BF2A2ED2C} [2012.12.16 03:43:20 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{656F2C84-E8D9-4F5A-A62B-1D3F7A59FB42} [2012.12.15 10:39:48 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{B1705902-70DC-4EC9-98BA-987426AAD075} [2012.12.14 22:29:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{BA29D809-6C70-4A69-91CD-75766F9F2993} [2012.12.14 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{F3B4D7BA-BEA3-4E98-AB0F-EB5EA934D29D} [2012.12.13 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{908734CC-B149-40DA-A241-313A9A541C88} [2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.13 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.13 22:26:32 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.13 22:26:32 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.13 22:26:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.13 22:26:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.13 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{58A9B2DC-7221-4CC7-8BE9-0470C1D97AFA} [2012.12.12 21:12:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 21:12:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 21:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 21:12:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 21:12:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 21:12:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 21:12:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 21:12:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 21:12:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 21:12:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 21:12:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 21:12:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 21:12:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 21:12:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 21:12:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 21:05:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 21:05:47 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 21:05:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 21:05:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 21:05:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 21:05:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 21:05:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 21:05:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 21:05:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 21:05:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 21:05:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 21:05:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 21:05:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:05:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:05:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:05:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:05:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:05:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:05:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:05:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:05:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:05:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 21:05:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 21:05:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.12 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{5675FF6B-9D58-4143-A069-95203084F4F0} [2012.12.11 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{541FF0F3-8C2E-430A-9255-E0D1ACD4565C} [2012.12.11 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{13824635-8209-49A6-9B77-CF6978898F68} [2012.12.10 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{9781312E-8284-44FC-A738-26599D3FD15F} [2012.12.09 23:17:40 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{95BDA647-E2C8-469C-90B0-C92651A9A405} [2012.12.09 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{51510419-3176-4E40-BD4A-977DFF35EBD3} [2012.12.08 23:17:06 | 000,000,000 | ---D | C] -- C:\Users\Admir\Desktop\Nedo U-Kurs [2012.12.08 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\Admir\Documents\Neuer Ordner [2012.12.08 14:21:58 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{EF6CF001-063E-4D1C-8EEF-EF65534325FF} [2012.12.07 11:21:08 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{463CD27D-8623-4945-8611-5E2A19E2BD36} [2012.12.06 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{733E2568-803E-45F4-890E-6A329EF6C70E} [2012.12.06 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{CABACB64-4EFF-4CD6-A603-DCE4999FE38F} [2012.12.05 01:34:31 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{7D812F67-986B-448D-B71F-43E0BF68D66A} [2012.12.04 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{8AEEFCE0-73C7-4407-B16F-56024ED17F52} [2012.12.03 22:41:17 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82D8C90B-5AD7-4A1E-87E3-6C380FA70F7F} [2012.12.03 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{82A03ED8-72E3-4D91-BBAF-943499AEB1CB} [2012.12.01 14:55:27 | 000,000,000 | ---D | C] -- C:\Users\Admir\AppData\Local\{1A40812A-60B0-4F1B-B2E2-CB28C1414145} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.30 23:38:13 | 000,551,997 | ---- | M] () -- C:\Users\Admir\Desktop\adwcleaner.exe [2012.12.30 23:29:24 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 23:29:24 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 23:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 23:21:05 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2012.12.30 21:07:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.30 20:56:19 | 005,015,826 | R--- | M] (Swearware) -- C:\Users\Admir\Desktop\ComboFix.exe [2012.12.30 20:45:37 | 000,000,512 | ---- | M] () -- C:\Users\Admir\Desktop\MBR.dat [2012.12.30 20:23:20 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admir\Desktop\tdsskiller.exe [2012.12.30 20:17:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admir\Desktop\aswMBR.exe [2012.12.30 16:32:59 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.30 15:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admir\Desktop\OTL.exe [2012.12.30 13:38:15 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.30 12:08:22 | 000,001,062 | ---- | M] () -- C:\Users\Admir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.29 19:09:06 | 000,001,990 | ---- | M] () -- C:\Users\Admir\Desktop\DreamBoxEdit.lnk [2012.12.27 18:05:45 | 000,001,087 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ4.lnk [2012.12.24 15:47:34 | 000,001,005 | ---- | M] () -- C:\Users\Admir\Desktop\DSJ3.lnk [2012.12.22 12:04:23 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 18:44:52 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 18:44:52 | 000,700,630 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 18:44:52 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 18:44:52 | 000,149,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 18:44:52 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.20 11:42:07 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.18 16:37:05 | 000,001,620 | ---- | M] () -- C:\Users\Admir\Desktop\K2 - Kollektivarbeitsrecht - Verknüpfung.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 22:26:05 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.13 22:26:05 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.13 22:26:05 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.13 22:26:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.13 22:26:05 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.12 21:08:36 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.11 15:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 15:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.30 23:38:13 | 000,551,997 | ---- | C] () -- C:\Users\Admir\Desktop\adwcleaner.exe [2012.12.30 20:57:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.30 20:57:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.30 20:57:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.30 20:57:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.30 20:57:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.30 20:45:37 | 000,000,512 | ---- | C] () -- C:\Users\Admir\Desktop\MBR.dat [2012.12.30 16:32:59 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.30 13:38:15 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.27 18:05:45 | 000,001,087 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ4.lnk [2012.12.24 15:47:34 | 000,001,005 | ---- | C] () -- C:\Users\Admir\Desktop\DSJ3.lnk [2012.12.20 11:42:07 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.10.02 17:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\winscp.rnd [2012.06.25 09:44:37 | 000,004,096 | -H-- | C] () -- C:\Users\Admir\AppData\Local\keyfile3.drm [2012.05.14 22:06:34 | 000,000,098 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.command [2012.05.14 22:03:17 | 000,001,205 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.ini [2012.05.14 22:03:17 | 000,000,000 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.Producer.Data.ini [2012.05.14 21:28:20 | 000,005,120 | ---- | C] () -- C:\Users\Admir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamShapes.ini [2012.05.14 21:26:47 | 000,000,408 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamLayout.ini [2012.05.14 21:26:47 | 000,000,103 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\Camdata.ini [2012.05.14 21:13:33 | 000,004,425 | ---- | C] () -- C:\Users\Admir\AppData\Roaming\CamStudio.cfg [2011.12.22 15:09:49 | 000,074,248 | ---- | C] () -- C:\Windows\hpqins16.dat [2011.06.01 13:43:37 | 001,642,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 30.12.2012 23:56:22 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admir\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,95% Memory free
7,93 Gb Paging File | 6,06 Gb Available in Paging File | 76,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 80,87 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 58,62 Gb Free Space | 31,53% Space Free | Partition Type: NTFS
Computer Name: ADMIR-TOSHIBA | User Name: Admir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD26CEF-0BD7-43C0-98C5-83FDD47758C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10F77B53-D464-463A-803F-62B3594B3D5D}" = rport=138 | protocol=17 | dir=out | app=system |
"{11D17610-9A94-48ED-92EF-8E4B2B816739}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13DFFB39-A37F-4C55-BF91-9FF3BF169CDA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15E2E31A-E4D9-45EB-890A-5C82B7E9D8C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{178EDD43-7F25-4A9F-B0B5-BADDBA6188E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{182ADFCB-8E10-4545-A64D-19A01A78AD12}" = rport=10243 | protocol=6 | dir=out | app=system |
"{193DECFC-8C18-4863-A071-92889572F3FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ACEC75D-8AFB-4A23-BA07-57FE1B80D0F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CFFC563-E441-4D3A-8344-6FC022EB3034}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2377E4DB-A55E-4F63-ADB7-0DFB7D470169}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27F0489E-46CC-4148-8D23-F2DE4E6AEF3B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D70903D-40EB-4566-8B0A-758267542776}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{403F384E-51B4-40E5-BE07-EA32DD58CEC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4171CB4A-8B58-4A6B-A85C-B693B0A6831C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{422946D0-BB95-4A15-A2F2-73AB596EA87E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46EC443E-5D67-43DE-A2BE-75572BF23B8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{50F7D3D2-E1AB-4410-A7DF-E29E2B4FE4B2}" = lport=445 | protocol=6 | dir=in | app=system |
"{54320807-506D-4470-B43B-C85B48887B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68A6D588-5E8A-4EA7-8E1F-C34BE5DAEA70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FE47D50-3FFA-414C-BA51-71F097BFBC06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7EEAE173-9DB3-4473-8540-E76D57A28EA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8C97F4DF-65DC-4A67-99AB-2B3F6C0B8530}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F1054F0-08E3-4079-8C28-E1E5D03B8C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A12C9BFD-5995-46A2-86FE-6FE3AFDF50DF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A73EE96F-F1FB-4E18-B2ED-2C2E45943239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A99D601C-995F-44D4-8CD0-A2936ECF6993}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3000A39-C240-478A-AD17-60C9F6275B11}" = lport=137 | protocol=17 | dir=in | app=system |
"{BECC23F6-8837-4389-BF62-56E02D49888E}" = lport=138 | protocol=17 | dir=in | app=system |
"{C4FE66E1-A0EC-4B6C-82A1-B78F46EF1BB0}" = rport=139 | protocol=6 | dir=out | app=system |
"{D77FA2EE-312B-4231-837E-656920428620}" = rport=445 | protocol=6 | dir=out | app=system |
"{D9022647-3225-4EDB-87E5-4331F6DB5965}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DA5CF4D5-91B6-4ABE-9552-1F128016017B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8F73315-8D6B-402C-B141-FC28DF003369}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F18A8BAE-CEB9-4E03-8178-0C0C421DE9BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6B97F04-DC5C-4C0B-801B-4EB8CC4EBC89}" = lport=139 | protocol=6 | dir=in | app=system |
"{F8253C8F-1AEC-401B-ACFB-32433C913D0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00042D2B-E5E7-421F-B2DE-3B483F3DAE7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0180A0E0-519D-40C2-BE56-27679754AF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{05378852-3C85-4764-9D95-41170AFA5FBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{053D950E-9FF7-41C7-80A6-C6965BAFFC0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{09B85434-0679-4B71-927B-2EA2C070E480}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1402FE1C-2260-4FFD-9907-66288933DEBD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1B38C172-1D33-4729-B171-E71A7C807573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1C37CA33-2927-4F1B-88A0-FBEBF03FDC78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20225BB9-5636-4011-A83F-8921589E4A4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E9DE717-CD23-4941-8686-133991C5C4FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32053EC5-E5EC-4D48-B13C-D24B9B7BDAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{35CFD96A-73CE-4BA2-A147-2C847E88C23B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4373440C-9616-4922-B5AE-5057AC40BB53}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe |
"{44C5017D-50C2-47BF-A5D1-87E215CBBB74}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{44E9C97A-15EC-4843-A755-1851A88969FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4505638D-C256-4B70-AECC-8A8166047B10}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49EC7198-FDE7-41E4-A9FC-F84DEDF5699B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5A4DC6CE-242D-44CD-8C20-0F18B4C2A079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A994F3A-0B5E-4405-B31E-72CD95C8E291}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{6001F8CE-BB54-49FF-9CAD-7751BD82F960}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{62D86642-4161-4E3D-919A-FC386DE8DB55}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{639B05C6-6C65-40A3-8959-67092304CC4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6889073D-F213-4798-874D-89C97D699994}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69C81A4B-E7B1-47A2-9B96-23C3AC074CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe |
"{69E7D859-F12E-4AC5-A456-FCE9DC4CE8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe |
"{7CF8B8A6-1664-4D4C-92B4-1953E7281B7B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7DC859F3-DB79-4DC7-9B4B-BF80C23955BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81F063D7-E3B6-4A05-BF94-0A4EC1F939A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8437F741-29C5-4DD2-8859-3AC5206D1A22}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe |
"{851FE9E5-D908-4361-A8BD-5273D14A008C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{91921E20-5D47-4DF4-9DB1-9B0ECE88D7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe |
"{93C72620-7983-4DEE-B600-4AB97EB40A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 bandbreiten-optimierer\a1_bandbreiten_optimierer.exe |
"{95E79C03-9A9F-43C7-B148-21621EE49498}" = protocol=6 | dir=out | app=system |
"{9995150B-8A33-4F43-9A7B-A6C6BDC998B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A12EF311-0D53-4E3C-9463-9C0A8AD12C71}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe |
"{A3954445-A147-4AD3-AF65-40287F439EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ABE171B7-1095-41B9-AD32-24F571F85086}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{B1B0F284-2FD2-45F7-85B5-6E00CA8035E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1FE3D76-4671-493A-95BD-6A9867035021}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1diagnose.exe |
"{BA51897D-1179-4B3F-9E76-8FCA53E9805E}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1modemkonfigurator.exe |
"{BC113929-166B-452C-BE39-B8B3502897A2}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe |
"{BD729CFD-3431-4072-917F-AA00BE0A51CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C3AFC690-4EF9-457D-8A1E-F7D94F13F5E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4D85A53-120B-497A-848B-5D4C7E60DE1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C9904A39-65BF-4064-BD8B-88E13855C900}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 servicecenter\a1servicecenter.exe |
"{CB77C5E4-7F36-4580-8168-F6601F6C9CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{D8E40D3B-3BE3-468A-939D-700A622B6844}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 diagnose\a1wlanassistent.exe |
"{D99B38D1-AFA4-43DD-895C-0B856B2AD7F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0379BDD-8525-4DAF-865F-829F3C966F73}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E075CDCD-F91A-4AF5-B1BD-148ED1C05153}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{E6819E51-2DF1-4332-B43B-C0A9E28CBA14}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E8505959-3D10-49E4-BEFE-DC024ABF3820}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe |
"{EBE86ED7-93C8-46C3-8E63-7B04B55B9270}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EEB0C9C2-DCE7-4506-8B21-C9F806FBD83D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F19E8320-3DEF-4E51-91E2-314C6BAAA1F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5B6759B-F028-40FD-9B37-4AFC327C705C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBCCF8EA-5B8D-4F00-AC99-F3A9C0518B91}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 modemwechsel\a1modemwechsel.exe |
"{FE592F15-00FD-4CF3-A8F4-BDC4340F10AA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{052E9B9B-10EC-4A00-A013-D2DC836BE09C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{40F5BE8C-B279-4148-B8C5-C21D2FA07C3D}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{45C42F77-54B8-4F12-9CA9-2162FB6E4076}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
"TCP Query User{70FA950D-00C1-416C-8ACD-3664A86A162F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{897F9E17-D510-4F44-B539-541772984503}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{94DF53CE-1A63-4FB9-846A-0ACBC65FB471}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{996E0DE4-FD47-47E6-9724-286D3EF48197}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{A956EB98-00A9-46DD-9712-07FAD7A662B8}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
"TCP Query User{EA90987C-7261-4428-A694-C2FB92158DC7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{F89D03F2-B61C-4DD0-AE6B-D6553E86A9A9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{16787419-C709-4D78-B945-AD1392DAE29A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{25B5B5A4-AB11-4239-8ECB-6A0692820D02}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{28805D98-DE01-4168-8B36-B6465E0E2522}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{36ECB028-72DD-4826-8EF8-C92B08A83162}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
"UDP Query User{43FB6EFC-C400-4A7D-85D8-FD191A4B6455}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{878ADB0F-B6C5-4B06-9111-2BDECF11E8B2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{CC0809C4-103E-4A81-B77D-17068130D52F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D3819389-D40F-4234-99ED-7B11702C28A6}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{F0CA3F9F-04E1-4191-9F06-4798D8329752}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{F11F2BFC-962D-407B-96A7-8F3E32C1435A}C:\program files (x86)\thq\motogp urt 3\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp urt 3\motogp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{511D88E4-9922-4DB0-BA3A-F51D24172239}" = bob internet
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B06D7A82-E7C6-47D1-97FB-54CA5CA21743}" = ARIS Platform
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"A1 Servicecenter" = A1 Servicecenter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MotoGP 2007_is1" = MotoGP 2007
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SopCast" = SopCast 3.2.8
"TeamViewer 5" = TeamViewer 5
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2063069217-60928023-77756203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.12.2012 13:59:31 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dcc Startzeit:
01cde5edd20b38eb Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
74378dcd-51e1-11e2-96bc-002622eb2d40
Error - 29.12.2012 14:04:51 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 3.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 164c Startzeit:
01cde5ee6542a752 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
32fa4794-51e2-11e2-96bc-002622eb2d40
Error - 29.12.2012 14:11:32 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxEDIT.exe, Version 5.0.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1648 Startzeit:
01cde5ef987fd921 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxEDIT.exe
Berichts-ID:
20f9fc04-51e3-11e2-96bc-002622eb2d40
Error - 29.12.2012 14:12:55 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 5.0.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1428 Startzeit:
01cde5eff0a7f6fe Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
538b8762-51e3-11e2-96bc-002622eb2d40
Error - 30.12.2012 07:29:03 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBt1st.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 30.12.2012 07:29:36 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\TOSHIBA\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 30.12.2012 07:30:44 | Computer Name = Admir-Toshiba | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 30.12.2012 08:52:51 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description =
Error - 30.12.2012 08:52:59 | Computer Name = Admir-Toshiba | Source = System Restore | ID = 8193
Description =
Error - 30.12.2012 13:13:48 | Computer Name = Admir-Toshiba | Source = Application Hang | ID = 1002
Description = Programm dreamboxedit.exe, Version 5.0.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11e8 Startzeit:
01cde6b04d8af524 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\DreamBoxEdit\dreamboxedit.exe
Berichts-ID:
3bb7f402-52a4-11e2-a5ea-002622eb2d40
[ System Events ]
Error - 30.12.2012 16:52:30 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 16:55:11 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 16:55:12 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 16:55:39 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 16:58:08 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 17:07:31 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 17:12:09 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 17:21:00 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.12.2012 18:21:10 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 30.12.2012 18:21:10 | Computer Name = Admir-Toshiba | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
|
|
| Themen zu Polizei Department Control Trojaner |
| autorun, avira, bho, bonjour, enigma, error, esgscanner.sys, excel, fehler, flash player, google, home, index, install.exe, intranet, logfile, mozilla, object, office 2007, plug-in, programm, realtek, registry, richtlinie, rundll, search the web, security, senden, server, software, svchost.exe, thomson, trojaner, usb, version., windows |
Linear-Darstellung
