Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.02.2013, 14:04   #1
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Beitrag

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Zusammen!

ich habe seit etwa 5 Tagen folgendes Problem:
Auf allen Seiten meiner Browsers (Chrome) werden bestimmte Begriffe als Verknüpfung (unterstrichen) dargestellt. (zB bereits , früherer ...). Bei Mouseover wird ein Fenster aufgemacht mit der Adresse " hxxp://i.trkjmp.com/click?v=QVQ6MzMyND... " . Die Links werden zusehends mehr. Virenschutzprogramm ist GDATA Internet security 2013 Version 23.1.0.2 (16.1.2013).

Virenscanner habe ich drüberlaufen lassen - keine Erkenntnisse/Veränderung.
Dasselbe bei Malwarebytes Anti-Malware.

Auf die Plattform www.trojaner-board.de bin ich gestern über ein Posting von [moodletrojan v. 20.1.2013 19:30] gestossen, das mir ähnlich erscheint

Ich habe versucht, die drei vorzubereitenden Schritte auszuführen - defrogger + otl hat funktioniert, bei GMER bin ich gescheitert: Im Rahmen der Durchführung hat sich der Rechner verabschiedet. Nach Neustart hat GMER den rechner blockiert - nach 30 Minuten mittel Strom-aus neu gestartet - im abgesicherten Modus durchgeführt, aber keine Meldungen erhalten. Anschlissend nochmals versucht GMER im normelan Modus zu starten - selbes Ergebnis: Notebook bleibt hängen (Taskboard läßt sich ebenfalls nicht mehr starten).

Akuteller Stand: Anbei die beiden Logfiles.

Bitte um Eure Hilfe - vielen Dank im voraus für Eure Vorschläge.
Michael

OTL:

OTL logfile created on: 2/11/2013 10:28:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7.98 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.51% Memory free
15.96 Gb Paging File | 13.01 Gb Available in Paging File | 81.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 272.69 Gb Free Space | 78.22% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 319.80 Gb Free Space | 91.46% Space Free | Partition Type: NTFS
Drive M: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive P: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive S: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive X: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive Y: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS

Computer Name: RUE-NB | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/11 10:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013/02/06 15:57:50 | 002,040,224 | ---- | M] (Fabasoft R&D GmbH) -- C:\Users\Michael\AppData\Local\Fabasoft\x86\foliouipu.exe
PRC - [2013/01/09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012/12/18 15:28:12 | 001,431,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012/01/19 12:30:04 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/05/11 17:49:32 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/13 08:22:24 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/12/20 17:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 17:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 13:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/05/19 17:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/12 08:18:59 | 000,014,336 | ---- | M] () -- C:\Users\Michael\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
MOD - [2013/01/12 08:18:26 | 009,390,592 | ---- | M] () -- C:\Users\Michael\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
MOD - [2012/12/18 15:28:12 | 000,305,880 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/15 10:42:25 | 008,498,608 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2011/07/01 10:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/03/02 14:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/25 14:58:22 | 000,034,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/02/10 09:32:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012/11/29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2012/11/29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/11/29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011/05/11 17:49:32 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/12/20 17:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 17:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/01/21 22:03:17 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013/01/21 22:03:15 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013/01/09 21:20:07 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013/01/09 20:30:11 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013/01/09 20:30:11 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/19 07:12:36 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012/03/15 10:43:59 | 000,301,904 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2012/03/15 10:43:59 | 000,015,184 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2012/03/15 08:49:12 | 000,017,408 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.2.37054.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/15 21:18:19 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011/07/08 16:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/06/01 06:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/10 16:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 14:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 11:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/20 09:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/12/17 18:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/01 15:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/29 10:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 09:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/11/08 12:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 13:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/30 09:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/18 15:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/04/26 10:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/21 15:40:20 | 000,124,416 | ---- | M] (Wireless Device) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmnsusbser.sys -- (tmnsusbser)
DRV:64bit: - [2010/04/20 07:08:46 | 000,129,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmusbnet.sys -- (tmusbnet)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={36165BA9-7584-11E1-9AFD-E89A8FCE73F9}
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={36165BA9-7584-11E1-9AFD-E89A8FCE73F9}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647/
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=e24937880000000000000050b64da1ac
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deAT453
IE - HKCU\..\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\..\SearchScopes\{8BE42563-DE14-4581-A40B-7A4D61863E58}: "URL" = hxxp://at.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=827316&ilc=12&p={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={36165BA9-7584-11E1-9AFD-E89A8FCE73F9}
IE - HKCU\..\SearchScopes\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\FabasoftPluginPU: C:\Users\Michael\AppData\Local\Fabasoft\x86\npfoliopluginpu32.dll (Fabasoft R&D GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012/12/03 15:08:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{D5AA91D3-CA07-4379-B0F2-AEC652F5943F}: C:\Users\Michael\AppData\Local\Fabasoft\TB\ [2013/02/10 20:07:36 | 000,000,000 | ---D | M]

[2012/08/31 13:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions
[2012/08/31 13:41:56 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012/10/05 11:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - homepage: hxxp://www.igoogle.at/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.igoogle.at/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Chuck Anderson = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\
CHR - Extension: uTorrentBar_DE = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.19.11_0\
CHR - Extension: SaveByclick = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\libinjpfkmhpjfcofinjhgbkfeebeiio\1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [FolioSystrayPU] C:\Users\Michael\AppData\Local\Fabasoft\x86\foliouipu.exe (Fabasoft R&D GmbH)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKCU..\Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe (TOSHIBA)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fabasoft.com ([*.folio] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fabasoft.com ([*.folio] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD5CE88-DAF5-4870-B0BD-D8D429B2ED66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D705E8D2-6205-4F99-BC15-1C987D15E1B5}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FD0D3F-C049-4A48-BA0A-C576C92281C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\saveby~1\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/10 23:14:46 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01895b74-55c7-11e2-b299-0050b64da1ac}\Shell - "" = AutoRun
O33 - MountPoints2\{01895b74-55c7-11e2-b299-0050b64da1ac}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{01895b78-55c7-11e2-b299-0050b64da1ac}\Shell - "" = AutoRun
O33 - MountPoints2\{01895b78-55c7-11e2-b299-0050b64da1ac}\Shell\AutoRun\command - "" = F:\.\autorun.exe
O33 - MountPoints2\{d5bdb88c-5a99-11e2-bc42-0050b64da1ac}\Shell - "" = AutoRun
O33 - MountPoints2\{d5bdb88c-5a99-11e2-bc42-0050b64da1ac}\Shell\AutoRun\command - "" = F:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/11 10:26:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013/02/11 09:32:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CA0D8AE8-37DB-456B-A37F-A3D6C1F6B85E}
[2013/02/11 08:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/11 08:51:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/11 08:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/11 08:42:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SpeedyPC Software
[2013/02/11 08:42:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DriverCure
[2013/02/11 08:42:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2013/02/11 08:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2013/02/11 08:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/02/11 08:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2013/02/10 23:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/10 23:07:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/10 22:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/10 22:01:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2013/02/10 22:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/10 21:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{183E8F79-2254-4E4A-A430-14D04C78066A}
[2013/02/10 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fabasoft Folio Cloud
[2013/02/10 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Fabasoft
[2013/02/10 09:31:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BCB2D23A-00D6-4E92-B93B-B54BD0C69CE5}
[2013/02/09 14:02:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F2690EA8-0DAE-4ADC-A609-8EE5B1C65423}
[2013/02/08 22:12:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EDCF84F7-184C-413D-ABBB-72A0D0A491DE}
[2013/02/04 19:12:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{588F2DC6-B139-47E0-A424-37263405EFCA}
[2013/02/02 10:18:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E19461DF-A630-4C9E-A201-CF404292DBEB}
[2013/01/29 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BAA83309-3D5E-4012-84E9-BD60E6144EBF}
[2013/01/28 19:35:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{AED9DC08-C1DD-403A-8355-98E86C312FB9}
[2013/01/27 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7723344A-67F3-47E7-B6FE-F2FC613422FC}
[2013/01/27 12:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/01/27 12:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveByClick
[2013/01/27 12:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
[2013/01/27 12:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013/01/27 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/27 12:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/01/27 12:34:39 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013/01/27 11:04:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{905E6062-79FF-4746-AA43-659AFC27ED92}
[2013/01/25 20:14:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E70C579D-230C-4B6F-974F-BCF4FE4732DB}
[2013/01/24 20:35:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D151F9F1-DF53-4A4C-A98A-CFA010C982F6}
[2013/01/23 06:54:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{3FA70619-FC5C-432E-946B-875B38744114}
[2013/01/22 17:26:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F6659662-F913-4CD5-80BF-C10C2B6DE64C}
[2013/01/21 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7A858509-91CD-444E-8FF8-5D796CE57D43}
[2013/01/20 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6DF1C1B1-34AC-4264-9436-9D260CE183C6}
[2013/01/20 08:28:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BD2AA843-70DD-4704-92B4-CBC8F143B292}
[2013/01/19 09:29:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5BA0B454-D0F2-4A81-9EC8-7F98C6BB467F}
[2013/01/18 14:57:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F5BD3619-A1DC-42FB-8B21-298EBACE2B47}
[2013/01/17 21:35:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{2590C8D3-9E55-44E6-85AD-217D468B3B35}
[2013/01/16 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D053E6E1-4D84-4A9F-A29F-5885BCF9A637}
[2013/01/15 18:30:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{586635A7-6C32-43A8-834F-A85CAD78F6D4}
[2013/01/14 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{A281ED48-D24E-4CC1-8D99-70DDA6BC534F}
[2013/01/13 18:37:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{9430A4A8-ABF4-4066-B3A4-4FBD76AE2CE0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/11 10:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013/02/11 10:25:09 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013/02/11 10:15:27 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 10:15:27 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 10:07:34 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 10:07:31 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/02/11 10:07:12 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/02/11 10:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 10:06:50 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 10:02:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 09:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/11 09:32:45 | 000,976,584 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013/02/11 09:32:45 | 000,051,968 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013/02/11 08:51:27 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/10 23:14:46 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/02/10 23:07:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/10 20:07:40 | 000,002,138 | ---- | M] () -- C:\Users\Michael\Desktop\Fabasoft Folio Cloud.lnk
[2013/02/02 10:22:28 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/29 18:07:05 | 001,681,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/29 18:07:05 | 000,719,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/01/29 18:07:05 | 000,681,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/29 18:07:05 | 000,154,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/01/29 18:07:05 | 000,130,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/27 12:34:48 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/21 22:03:17 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013/01/21 22:03:15 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 10:25:09 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013/02/11 08:51:27 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/11 08:42:54 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/02/10 23:14:46 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/27 12:34:48 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/21 21:54:47 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/18 22:25:52 | 000,002,138 | ---- | C] () -- C:\Users\Michael\Desktop\Fabasoft Folio Cloud.lnk
[2012/12/11 14:22:20 | 000,001,199 | ---- | C] () -- C:\Users\Michael\AppData\Local\recently-used.xbel
[2012/10/21 17:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012/10/21 17:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012/10/21 17:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012/07/20 14:20:54 | 000,704,512 | ---- | C] () -- C:\Windows\is-NNKFJ.exe
[2012/07/06 09:52:36 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2012/07/06 09:52:36 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2012/07/06 09:52:36 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2012/01/21 19:34:42 | 000,002,269 | ---- | C] () -- C:\Users\Michael\.powerupdate.user.properties
[2011/11/17 23:55:17 | 004,458,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/23 06:46:40 | 000,976,584 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011/09/08 22:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/02 17:35:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AHR Software
[2012/05/01 19:37:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Amazon
[2012/04/22 19:12:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Analytic Technologies
[2012/12/03 15:09:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\APP_NAME_NON_STRING
[2012/04/29 10:23:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Babylon
[2012/04/22 11:18:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2013/02/11 08:42:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DriverCure
[2012/01/21 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Greenshot
[2012/10/02 12:11:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\inkscape
[2012/10/02 12:48:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2012/07/31 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenCandy
[2012/12/03 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PDF Architect
[2012/07/20 14:20:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pdfforge
[2013/02/11 08:42:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SpeedyPC Software
[2012/12/28 08:50:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Toshiba
[2011/10/15 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TOSHIBA Online Product Information
[2012/07/31 13:31:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
[2012/02/17 13:25:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WinBatch
[2012/01/19 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


EXTRAS
OTL Extras logfile created on: 2/11/2013 10:28:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7.98 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.51% Memory free
15.96 Gb Paging File | 13.01 Gb Available in Paging File | 81.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 272.69 Gb Free Space | 78.22% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 319.80 Gb Free Space | 91.46% Space Free | Partition Type: NTFS
Drive M: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive P: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive S: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive X: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive Y: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS

Computer Name: RUE-NB | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F82A86-D5BE-4C74-ABBB-3E6C9C82B2B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{173CECCC-FDDF-4F5A-AA17-C386E8049BAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17FC503D-0D71-4E98-997B-D8DF4C60F0C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C294717-176C-4F6C-9332-1A83E5E712FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{28957D44-A4A1-4818-9158-AC1B2AA5B862}" = rport=445 | protocol=6 | dir=out | app=system |
"{2CB27F1D-D37A-47D2-B05C-E6F74D296999}" = lport=137 | protocol=17 | dir=in | app=system |
"{35CC1B71-E053-4DFC-AA32-9F4A469D8B3A}" = lport=138 | protocol=17 | dir=in | app=system |
"{3640D257-B293-4A84-9007-2A53F8C76046}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A43C8C4-2115-49EF-B3B2-44154B64F16C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4C223F37-92A2-4C5E-9C89-7FDFBE2C5663}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F80E422-ED75-4940-BF89-AE1A24B22BB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{573D86CB-14D0-46F1-AB28-0A5A2B9B1FBE}" = lport=139 | protocol=6 | dir=in | app=system |
"{6233F4B0-66B4-49AC-B8D1-84BE81BD4A77}" = lport=445 | protocol=6 | dir=in | app=system |
"{69299BC5-67DD-4A2D-AF9B-15A7B68269DB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F4A0B58-5447-4573-980F-B9BFBE0893CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{738168DF-200B-478B-961C-C0438BE59DA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A989316-B153-4A78-AE01-D9733AE4555C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{913BBF36-3DC7-442A-A89B-5B8AE0E2D0E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB443B6C-B3EC-4285-AD46-E7553E88539B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC1A4745-A7FC-4A98-8301-8C64EB658A95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B17F3024-2167-4E84-BE37-1A26EE1B452D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2791544-7D9E-4B36-BAD6-7FF4154B9190}" = rport=137 | protocol=17 | dir=out | app=system |
"{B49066DC-43D1-499E-A439-BE76B73C6FBB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C9ABE2CB-91B9-4182-A617-F6143DDA6157}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE7C493C-D0BF-4344-B01F-4D9A07BB3678}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F322EB4A-CBF9-4D1B-95D7-4C7D59A1CC08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FBE5D5-7B06-4C58-8708-98ECE8CBECE1}" = protocol=6 | dir=out | app=system |
"{05D792D9-5A2E-485D-8F53-DA08C3E3B618}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0F4E999A-7EE6-4A66-8EA1-B1878087C022}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{133B49D1-7960-4070-9FD9-EFCCF5F0E8B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B5B9BC0-50DD-47AF-A931-CAEC71E19174}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2905BB4F-FAB1-42F3-94A6-1AEAB82A66CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{296BABEF-A4A8-4061-BFE2-2169367EF3B5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{29A004A2-E9C8-404D-A2D0-29C1E32C463E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E02F64F-9907-44DC-9E7A-1DA5445C38B0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{32799E7B-4257-4250-8FB3-DD577B29BD5B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{45A44A51-B296-41D0-98CB-3CF3A956D886}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{4BA82A32-1A41-4295-8DF3-DBCB04E3E105}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C9DF8AC-330E-4B81-848C-9A3875945F72}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{4E3DF5CE-616E-45D1-BD18-90A48FB2F05E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56ADBFAF-18C3-4FC5-BCC8-73A2907C87E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6DBEFD12-8073-4DB0-B81E-D16567F378C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{76D029C7-B9DA-45B1-BD87-A881352EEB91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B680332-7D29-4907-8EAE-85723C2D4F41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFC65CC-9E4B-4DD4-A0D4-31A277705464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E7EE989-F623-479F-8F18-BAF66E2FC3D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{924A25BE-E2D8-4BE1-A88F-654D6F290867}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F234057-21C4-4CEF-BCEE-E1BC586E1C64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0EC4D5F-0A08-4D40-8442-DFFAF4594DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A1A92121-CB95-4A5B-8F05-C947D4E1F9F4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A2E6CEA9-C2FB-4593-A891-C0FEF0C7318C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A5DBE9B3-1E91-41A1-9F08-8B3A03C25F65}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{A645C650-DD35-4D85-9EE3-29AC4C5D1017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B00111F0-14B4-4AEA-A3EA-D1224B060BF7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BAED5414-BF68-44BF-B799-EC85353DA3B3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C6AB2422-BDD1-4FB9-8B5C-77ACBB7E1F24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D21007FA-A12F-4FB2-AC9B-9C774E03B431}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D64C6FB4-D6CD-4BE9-A435-21632714D6C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA9A688D-0876-4910-8812-C12D72F2B727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DCD4603C-E8B8-4C52-BB99-F68391FE916E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DF42E7EF-65D0-438E-92FB-CB1C66D9C272}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E783EE53-FD5B-424D-A7B2-873115AB26A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6A59F01-147D-4B4E-9389-463FEEECB1FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE03331C-8F0D-4000-8FCD-7FF073F18090}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{DA408810-FD76-48B8-BC6B-198168E09FEC}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe |
"UDP Query User{EC0A384F-8133-4B71-BC9E-10E7DB125F16}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120495-F25C-4F44-9DC7-2D812D025DBA}" = pdfforge Images2PDF 0.9.2.546
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0F5176B2-9AEF-490B-AEE6-C9B9367A733A}" = TOSHIBA dynadock
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{29F41953-2103-4EF2-8328-AD0EA7480D80}" = Business Contact Manager for Microsoft Outlook 2010
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{66D49E58-C219-48AB-9EF8-D38B5B0303FD}" = dynadock Utility_II
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AAB51FE-5167-11DE-82D8-B27D56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89019C7F-1F8C-4F95-90AD-45E5B5D783A3}" = DisplayLink Core Software
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94E73F8B-D22E-4241-8E85-542CE45965C6}" = DisplayLink Graphics
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.57
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}" = SaveByClick
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010
"CNXT_AUDIO_HDA" = Conexant HD Audio
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B4DB8FF-9112-4B51-9629-0E4EE3F73646}" = MAGIX Web Designer 7
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{44EDD50C-8366-4F9E-AF69-4AEA96C63604}" = NodeXL Excel Template
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{620DA0EB-574D-45B5-B3E9-B85AECA41D59}" = AX88772A & AX88772 Windows 7 Drivers
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64FB093C-05F6-4E35-81AE-18871BFDFD6B}" = MAGIX Web Designer 7 Update
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8019BE7F-EF83-4637-8DBF-26669B042662}" = Fabasoft Folio Cloud Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6D9D7A-D8CD-444E-869D-D08AB3A1222E}" = AHR Sudoku 4.1
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BabylonToolbar" = Babylon toolbar on IE
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 2.95
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.65
"Google Chrome" = Google Chrome
"Greenshot_is1" = Greenshot
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}" = AX88772A & AX88772 Windows 7 Drivers
"InstallShield_{66D49E58-C219-48AB-9EF8-D38B5B0303FD}" = dynadock Utility_II
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MAGIX_MSI_Web_Designer_7" = MAGIX Web Designer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QNAP_FINDER" = QNAP Finder
"SP_661c9f97" =
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials
"XSBoxGO 1.0.0.0" = XSBoxGO 1.0.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A2A7126BA7857147B5479C468004F2803713BF1A" = Smrf.NodeXL.ExcelTemplate

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2012 6:48:40 PM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4010

Error - 12/21/2012 3:34:06 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/21/2012 3:34:06 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 12/21/2012 3:34:06 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 12/21/2012 3:34:07 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/21/2012 3:34:07 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997

Error - 12/21/2012 3:34:07 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997

Error - 12/21/2012 3:34:08 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/21/2012 3:34:08 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2995

Error - 12/21/2012 3:34:08 AM | Computer Name = rue-nb | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2995

Error - 12/27/2012 4:09:31 AM | Computer Name = rue-nb | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/16/2012 2:04:58 AM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 07:04:57 - Fehler beim Herstellen der Internetverbindung. 07:04:57
- Serververbindung konnte nicht hergestellt werden..

Error - 11/16/2012 2:05:07 AM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 07:05:03 - Fehler beim Herstellen der Internetverbindung. 07:05:03
- Serververbindung konnte nicht hergestellt werden..

Error - 11/18/2012 5:47:00 PM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 22:47:00 - Fehler beim Herstellen der Internetverbindung. 22:47:00
- Serververbindung konnte nicht hergestellt werden..

Error - 11/18/2012 5:47:09 PM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 22:47:05 - Fehler beim Herstellen der Internetverbindung. 22:47:05
- Serververbindung konnte nicht hergestellt werden..

Error - 11/19/2012 2:33:17 PM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 19:33:17 - Fehler beim Herstellen der Internetverbindung. 19:33:17
- Serververbindung konnte nicht hergestellt werden..

Error - 11/19/2012 2:33:26 PM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 19:33:22 - Fehler beim Herstellen der Internetverbindung. 19:33:22
- Serververbindung konnte nicht hergestellt werden..

Error - 12/3/2012 5:28:14 AM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 10:28:13 - Fehler beim Herstellen der Internetverbindung. 10:28:14
- Serververbindung konnte nicht hergestellt werden..

Error - 12/3/2012 5:28:45 AM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 10:28:39 - Fehler beim Herstellen der Internetverbindung. 10:28:39
- Serververbindung konnte nicht hergestellt werden..

Error - 12/16/2012 2:30:38 PM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 19:30:38 - Fehler beim Herstellen der Internetverbindung. 19:30:38
- Serververbindung konnte nicht hergestellt werden..

Error - 12/16/2012 2:31:09 PM | Computer Name = rue-nb | Source = MCUpdate | ID = 0
Description = 19:31:03 - Fehler beim Herstellen der Internetverbindung. 19:31:03
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 11/15/2012 3:26:11 AM | Computer Name = rue-nb | Source = DCOM | ID = 10010
Description =

Error - 11/15/2012 3:41:17 AM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdxCATSCustConnectService erreicht.

Error - 11/15/2012 3:41:17 AM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdxCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 11/15/2012 3:54:10 AM | Computer Name = rue-nb | Source = AX88772 | ID = 17
Description =

Error - 11/19/2012 4:12:00 PM | Computer Name = rue-nb | Source = AX88772 | ID = 17
Description =

Error - 11/20/2012 8:48:53 AM | Computer Name = rue-nb | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 11/20/2012 8:48:53 AM | Computer Name = rue-nb | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 11/20/2012 8:48:54 AM | Computer Name = rue-nb | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 11/20/2012 8:48:56 AM | Computer Name = rue-nb | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 11/20/2012 8:48:57 AM | Computer Name = rue-nb | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.


< End of report >

Alt 12.02.2013, 10:37   #2
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Wenn GMER nicht läuft, nehmen wir eben aswMBR.



Schritt 1
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
  • Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 2
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von DeFogger,
  • die Logdatei GMER.
__________________

__________________

Alt 12.02.2013, 13:44   #3
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Matthias,
danke für Deine Hilfe. Gerne nehme ich mir die Zeit für die Behebung.

Was ich in der Zwischenzeit gemacht habe und du wissen solltest.
-Habe GData Antivirus deinstalliert -
-AVG 2013 installiert und mit den maximalen Möglichkeiten einen umfassenden Scan auf den Computer durchgeführt - ohne Erfolg

Falls ich eine andere Lösung anstrebe teile ich das umgehend mit.
Danke auch für die klaren und detaillierten Anleitungen.

Hier nun die 2 Dateien: + anschliessend das Log vom AVG Virenscan:

Defrogger_disable
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:25 on 12/02/2013 (Michael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

aswMBR.txt
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 14:30:01
-----------------------------
14:30:01.980 OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:01.980 Number of processors: 8 586 0x2A07
14:30:01.981 ComputerName: RUE-NB UserName:
14:30:03.594 Initialize success
14:30:38.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:30:38.051 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
14:30:38.066 Disk 0 MBR read successfully
14:30:38.071 Disk 0 MBR scan
14:30:38.076 Disk 0 Windows 7 default MBR code
14:30:38.085 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 399 MB offset 2048
14:30:38.096 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 356974 MB offset 819200
14:30:38.119 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 358030 MB offset 731901952
14:30:38.140 Disk 0 scanning C:\Windows\system32\drivers
14:30:45.801 Service scanning
14:31:14.992 Modules scanning
14:31:15.001 Disk 0 trace - called modules:
14:31:15.043 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:31:15.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a338790]
14:31:15.055 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e7a050]
14:31:15.061 Scan finished successfully
14:32:37.758 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
14:32:37.762 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 14:30:01
-----------------------------
14:30:01.980 OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:01.980 Number of processors: 8 586 0x2A07
14:30:01.981 ComputerName: RUE-NB UserName:
14:30:03.594 Initialize success
14:30:38.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:30:38.051 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
14:30:38.066 Disk 0 MBR read successfully
14:30:38.071 Disk 0 MBR scan
14:30:38.076 Disk 0 Windows 7 default MBR code
14:30:38.085 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 399 MB offset 2048
14:30:38.096 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 356974 MB offset 819200
14:30:38.119 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 358030 MB offset 731901952
14:30:38.140 Disk 0 scanning C:\Windows\system32\drivers
14:30:45.801 Service scanning
14:31:14.992 Modules scanning
14:31:15.001 Disk 0 trace - called modules:
14:31:15.043 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:31:15.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a338790]
14:31:15.055 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e7a050]
14:31:15.061 Scan finished successfully
14:32:37.758 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
14:32:37.762 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
14:32:58.694 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
14:32:58.698 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

AVG Virenscann
Gesamten Computer scannen
Mittlere Priorität;"9";"9";"0"
Nachrichten;"52";"0";"52"
Ausgewählte Ordner:;"Gesamten Computer scannen"
Gestartet/beendet:;"12.02.2013, 13:45:55 / 12.02.2013, 14:15:08"
Gescannter Objekte:;"2063947"
Benutzer:;"Michael"

Status;"Priorität";"Name";"Beschreibung";"Ergebnis"
Infiziert;"Nachricht";"Kennwortgeschützt";"D:\_WUEROSAVE\_WUEROSAVE\rue\D\Daten\Diplomarbeit_Vorlage_2011\Diplomarbeit_Vorlage_v07_gleiche_seitenraend er.dot";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Michael\Michael - w fa4\3726426D-00000016.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Gesendete O d7c\31ED2034-00000278.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S80 Master Thesis\Projektplan\90-2011xx-SCRUM-PHB.xlsm";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\01-20M104_Zeitplan.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\7 Literatur\99 LD6\ChangeImpulsLD6.pptm";"Infiziert"
Geheilt;"Mittel";"Tracking cookie.Oewabox gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\NBKUESEW.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S96 Vorlagen\_tabelle vorlage#.xlt";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v101.xls";"Infiziert"
Geheilt;"Mittel";"Tracking cookie.Ivwbox gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2MZSWWI.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v102.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\1031\EXPTOOWS.XLA";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\$RECYCLE.BIN\S-1-5-21-1047493706-1735402114-1840407707-1001\$RHTXM4N\201112_BusinessValueInDerSoftwareentwicklung\Projektmanagement\90-201112phb.xlsm";"Infiziert"
Infiziert;"Nachricht";"Kennwortgeschützt";"D:\_WUEROSAVE\_WUEROSAVE\rue\D\Daten\Diplomarbeit_Vorlage_2011\Diplomarbeit_Vorlage_v07_mit_Marginalspalte. dot";"Infiziert"
Geheilt;"Mittel";"Tracking cookie.Webtrends gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\ZAJASQFH.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\9 Fallstudie - Dokumentation\WÜRO-Fallstudie\201112_BusinessValueInDerSoftwareentwicklung\Projektmanagement\90-201112phb-SicherungVorStatusNeu(mitaktZahlen).xlsm";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v103c.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v103c.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Posteingang\Office@RUE.at\31D43A1D-000000C6.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\Library\Analysis\PROCDB.XLAM";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S80 Master Thesis\MT PMMI @work\98 Projektdokumentation\90-201112phb.xlsm";"Infiziert"
Geheilt;"Mittel";"Tracking cookie.Atdmt gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\79HIIYIQ.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Michael\Michael - w fa4\3628422F-00000024.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Posteingang\MICHAEL@roe 901\0AEB5BB9-00000061.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v103.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S80 Master Thesis\Projektplan\90-2011xx-SCRUM-PHB.xlsm";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S80 Master Thesis\SCRUM Master\Kundenorientierte Produktentwicklung.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Posteingang\MICHAEL@roe 901\4E2C4C6E-0000004C.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\Library\Analysis\ATPVBAEN.XLAM";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\7 Literatur\[5] Agile\SCRUM Master\Kundenorientierte Produktentwicklung.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\Library\Analysis\ATPVBADE.XLAM";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Posteingang\MICHAEL@roe 901\78284799-00000251.eml";"Infiziert"
Geheilt;"Mittel";"Tracking cookie.Atdmt gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\3RBKUJN9.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v103b.xls";"Infiziert"
Geheilt;"Mittel";"Die Datei wurde von einem nicht vertrauenswürdigen Zertifikat signiert, das von Skodna.Bundle.DCA ausgestellt wurde.";"C:\$RECYCLE.BIN\S-1-5-21-1047493706-1735402114-1840407707-1001\$RFB0ED2.exe";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\01-20M104_Zeitplan.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S96 Vorlagen\_tabelle vorlage#.xlt";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Gesendete O d7c\09EE377B-0000030A.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Gesendete O d7c\19151BCF-000003AC.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\9 Fallstudie - Dokumentation\WÜRO-Fallstudie\201112_BusinessValueInDerSoftwareentwicklung\Projektmanagement\90-201112phb.xlsm";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Gesendete O d7c\38655028-000000A3.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v10.xlt";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Posteingang\MICHAEL@roe 901\2CE51425-00000154.eml";"Infiziert"
Infiziert;"Nachricht";"Kennwortgeschützt";"D:\_WUEROSAVE\rue\D\Daten\Diplomarbeit_Vorlage_2011\Diplomarbeit_Vorlage_v07_gleiche_seitenraender.dot";"In fiziert"
Geheilt;"Mittel";"Tracking cookie.Yieldmanager gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\MMFU00LB.txt";"In Virenquarantäne verschoben"
Geheilt;"Mittel";"Tracking cookie.Liveperson gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\6M5WVH00.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\Library\Analysis\FUNCRES.XLAM";"Infiziert"
Geheilt;"Mittel";"Tracking cookie.Atdmt gefunden";"C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\FNY57MNA.txt";"In Virenquarantäne verschoben"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v10.xlt";"Infiziert"
Infiziert;"Nachricht";"Kennwortgeschützt";"D:\_WUEROSAVE\rue\D\Daten\Diplomarbeit_Vorlage_2011\Diplomarbeit_Vorlage_v07_mit_Marginalspalte.dot";"Infiz iert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\Library\EUROTOOL.XLAM";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Program Files\Microsoft Office\Office14\Library\SOLVER\SOLVER.XLAM";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v102.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v103.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Gesendete O d7c\0A0A5CC6-00000052.eml";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\$RECYCLE.BIN\S-1-5-21-1047493706-1735402114-1840407707-1001\$RHTXM4N\201112_BusinessValueInDerSoftwareentwicklung\Projektmanagement\90-201112phb-SicherungVorStatusNeu(mitaktZahlen).xlsm";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\_ LIMAK\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v103b.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\BH\JA2010\JA2010.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\~Ausbildung[LIMAK, ...]\=AUSBILDUNG LIMAK Linz\S04 Planung neuer Produkte_Produkt u Innovmgmt-Bornholdt 29.-30.4.2011\Hausarbeit\01-20M104 Postbox\Angebot\Projekt_Aufwandschätzung_v101.xls";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"D:\G\=Vorlagen\Priorisierung nach Eisenhower.XLT";"Infiziert"
Infiziert;"Nachricht";"Enthält Makros";"C:\Users\Michael\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte e95\Speicherordner\Posteingang\MICHAEL@roe 901\47A51337-0000004D.eml";"Infiziert"


End of mail
__________________

Alt 12.02.2013, 16:15   #4
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Servus,


AVG Echtzeitschutz bitte bei jedem Schritt zuvor deaktivieren, da es sonst nur Probleme gibt.



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix.

Alt 12.02.2013, 17:05   #5
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Matthias,
hoffe ich klau dir nicht den karneval ;-)

Anbei die 3 Logfiles:
=> Meldung nach dem Neustart ist keine erfolgt.

ADWCleanerAdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 12/02/2013 um 17:24:49 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Michael - RUE-NB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michael\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SaveByclick
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gelöscht : C:\Program Files\pdfforge
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdfforge
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SaveByclick
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Michael\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Michael\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Michael\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\uTorrentBar_DE
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9714F8C-98E5-4D69-A3BB-8FC24D1CC8F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDE1D796-E80B-4BC1-8E2E-237CEAC4EDA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647/ --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={36165BA9-7584-11E1-9AFD-E89A8FCE73F9} --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.19] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={D18795FC-862A-4372-996F-425B[...]
Gelöscht [l.2088] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={D18795FC-862A-4372-996F-425B28A[...]

*************************

AdwCleaner[S1].txt - [19692 octets] - [12/02/2013 17:24:49]

########## EOF - C:\AdwCleaner[S1].txt - [19753 octets] ##########
         
--- --- ---

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by Michael on 12.02.2013 at 17:31:07,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Michael\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Michael\AppData\Roaming\speedypc software"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.02.2013 at 17:37:24,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix1

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-12.01 - Michael 12.02.2013  17:43:26.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8174.5891 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-12 bis 2013-02-12  ))))))))))))))))))))))))))))))
.
.
2013-02-12 16:47 . 2013-02-12 16:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-12 16:31 . 2013-02-12 16:31	--------	d-----w-	c:\windows\ERUNT
2013-02-12 11:57 . 2013-02-12 12:03	--------	d-----w-	c:\users\Michael\AppData\Local\Avg2013
2013-02-12 11:57 . 2013-02-12 11:57	--------	d-----w-	c:\users\Michael\AppData\Local\MFAData
2013-02-10 22:14 . 2013-02-10 22:14	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-10 22:13 . 2013-02-11 07:32	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-02-10 22:07 . 2013-02-10 22:07	12872	----a-w-	c:\windows\system32\bootdelete.exe
2013-02-10 21:58 . 2013-02-10 22:07	--------	d-----w-	c:\programdata\HitmanPro
2013-02-10 21:01 . 2013-02-10 21:01	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2013-02-10 21:01 . 2013-02-10 21:01	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-10 19:07 . 2013-02-10 19:07	--------	d-----w-	c:\users\Michael\AppData\Local\Fabasoft
2013-02-08 21:24 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A87F664-1329-4AA2-B371-73A630D8D472}\mpengine.dll
2013-01-27 11:35 . 2013-01-27 11:35	--------	d-----w-	c:\programdata\ClickIT
2013-01-27 11:34 . 2013-01-11 10:39	103936	----a-w-	c:\windows\system32\pdfcmon.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 08:32 . 2012-04-22 06:20	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 08:32 . 2012-04-22 06:20	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-15 15:56 . 2012-06-27 17:42	477616	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 15:56 . 2011-08-03 10:38	473520	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-10 13:35 . 2012-05-17 08:44	11240	----a-w-	c:\windows\SysWow64\GdScrSv.de.dll
2013-01-09 20:20 . 2011-10-15 19:12	62368	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2013-01-09 13:52 . 2012-07-20 13:20	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-01-08 21:36 . 2011-10-23 06:04	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-16 19:31 . 2011-11-16 18:13	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-16 17:11 . 2012-12-28 07:19	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-28 07:19	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-28 07:19	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-28 07:19	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-08 21:34	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 21:34	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 21:34	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 21:34	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 21:34	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 21:34	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 21:34	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 21:34	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 21:34	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 21:34	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 21:34	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 21:34	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 21:34	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 21:34	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 21:34	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 21:34	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 21:34	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 21:34	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 21:34	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 21:34	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 21:34	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 21:34	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 21:34	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 21:34	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 21:34	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 21:34	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 21:34	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 21:34	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 21:34	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 21:34	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 21:34	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 21:34	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-03 10:29 . 2012-09-07 15:16	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-03 10:29 . 2011-12-30 15:15	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-30 05:45 . 2013-01-08 21:33	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 21:33	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 21:33	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-08 21:33	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-08 21:33	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 21:33	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-08 21:33	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-08 21:33	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-08 21:33	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-08 21:33	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-08 21:33	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 21:33	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-1-13 2749856]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 G Data RegisterServiceHelper;G Data RegisterServiceHelper;c:\program files (x86)\G Data\InternetSecurity\AVK\UpdatePGM\RegisterService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-08 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 tmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCTTomato;c:\windows\system32\DRIVERS\tmnsusbser.sys [2010-04-21 124416]
R3 tmusbnet;Wireless Data Device driver for usb ethernet adapter;c:\windows\system32\DRIVERS\tmusbnet.sys [2010-04-20 129024]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-03-15 15184]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-12 30568]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-03-15 8498608]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2013-02-12 894920]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.2.37054.0.sys [2012-03-15 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-03-15 301904]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGIDSHA
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 09:21	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:32]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:26]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
Trusted Zone: fabasoft.com\*.folio
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-SP_661c9f97 - c:\program files (x86)\SaveByClick\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-12  17:51:03
ComboFix-quarantined-files.txt  2013-02-12 16:51
.
Vor Suchlauf: 9 Verzeichnis(se), 295.491.129.344 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 305.925.787.648 Bytes frei
.
- - End Of File - - 120C39FF6A0319405B1D1101C33C1DB8
         
--- --- ---

herzlichen Gruß
Michael


Alt 12.02.2013, 18:23   #6
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Servus Michael,



Zitat:
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
Hast du das absichtlich installiert?
Kann ich nicht empfehlen.

Wie läuft dein Rechner derzeit?
Erhälst du immer noch unerwünschte Verlinkungen? Wenn ja, in welchem Browser?





Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________
--> Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint

Alt 13.02.2013, 06:05   #7
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Matthias,

Rechner läuft wieder normal - keine unerwünschten Links oder Fenster die aufgehen. DANKE!

Spyhunter ist nicht absichtlich drauf. Als Programm finde ich es auch nicht. Wie kann ich die Registry entfernen?

Hier die Logfiles:

OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 2/13/2013 6:57:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 68.75% Memory free
15.96 Gb Paging File | 13.04 Gb Available in Paging File | 81.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 284.47 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 321.96 Gb Free Space | 92.08% Space Free | Partition Type: NTFS
Drive M: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive P: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive S: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive X: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive Y: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
 
Computer Name: RUE-NB | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.2.37054.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tmnsusbser) -- C:\Windows\SysNative\drivers\tmnsusbser.sys (Wireless Device)
DRV:64bit: - (tmusbnet) -- C:\Windows\SysNative\drivers\tmusbnet.sys (QUALCOMM Incorporated)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deAT453
IE - HKCU\..\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\..\SearchScopes\{8BE42563-DE14-4581-A40B-7A4D61863E58}: "URL" = hxxp://at.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=827316&ilc=12&p={searchTerms}
IE - HKCU\..\SearchScopes\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\FabasoftPluginPU: C:\Users\Michael\AppData\Local\Fabasoft\x86\npfoliopluginpu32.dll (Fabasoft R&D GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012/12/03 15:08:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{D5AA91D3-CA07-4379-B0F2-AEC652F5943F}: C:\Users\Michael\AppData\Local\Fabasoft\TB\ [2013/02/10 20:07:36 | 000,000,000 | ---D | M]
 
[2012/08/31 13:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions
[2012/08/31 13:41:56 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012/10/05 11:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Fabasoft Folio Cloud (Enabled) = C:\Users\Michael\AppData\Local\Fabasoft\x86\npfoliopluginpu32.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKCU..\Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fabasoft.com ([*.folio] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fabasoft.com ([*.folio] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD5CE88-DAF5-4870-B0BD-D8D429B2ED66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D705E8D2-6205-4F99-BC15-1C987D15E1B5}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FD0D3F-C049-4A48-BA0A-C576C92281C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/10 23:14:46 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/13 06:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013/02/13 06:49:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{026C5C2A-3861-4C10-8743-63FCF9E833F8}
[2013/02/12 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/12 18:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013/02/12 17:55:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/12 17:51:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/12 17:42:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/12 17:42:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/12 17:42:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/12 17:42:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/02/12 17:42:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/12 17:42:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/12 17:42:00 | 005,033,736 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2013/02/12 17:31:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/12 17:30:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/12 17:20:11 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Michael\Desktop\JRT.exe
[2013/02/12 14:28:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2013/02/12 13:12:43 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2013/02/12 13:12:43 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2013/02/12 13:12:42 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2013/02/12 13:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/02/12 13:11:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG
[2013/02/12 13:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/02/12 13:11:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/02/12 13:11:15 | 058,674,136 | ---- | C] (AVG) -- C:\Users\Michael\Desktop\avg_tuh_stf_all_2013_2_24c28.exe
[2013/02/12 13:02:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2013
[2013/02/12 13:01:00 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/12 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/12 13:00:13 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/12 13:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/02/12 12:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/02/12 12:57:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\MFAData
[2013/02/12 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/12 12:57:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Avg2013
[2013/02/12 12:33:18 | 139,877,760 | ---- | C] (AVG Technologies) -- C:\Users\Michael\Desktop\avg_free_x64_all_2013_2897a6066.exe
[2013/02/12 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{3335FF7D-17B0-4DAF-8384-3D6BAAAFE2B1}
[2013/02/11 09:32:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CA0D8AE8-37DB-456B-A37F-A3D6C1F6B85E}
[2013/02/10 23:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/10 23:07:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/10 22:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/10 22:01:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2013/02/10 22:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/10 21:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{183E8F79-2254-4E4A-A430-14D04C78066A}
[2013/02/10 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fabasoft Folio Cloud
[2013/02/10 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Fabasoft
[2013/02/10 09:31:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BCB2D23A-00D6-4E92-B93B-B54BD0C69CE5}
[2013/02/09 14:02:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F2690EA8-0DAE-4ADC-A609-8EE5B1C65423}
[2013/02/08 22:12:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EDCF84F7-184C-413D-ABBB-72A0D0A491DE}
[2013/02/04 19:14:36 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013/02/04 19:14:36 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/02/04 19:14:36 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013/02/04 19:12:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{588F2DC6-B139-47E0-A424-37263405EFCA}
[2013/02/02 10:18:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E19461DF-A630-4C9E-A201-CF404292DBEB}
[2013/01/29 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BAA83309-3D5E-4012-84E9-BD60E6144EBF}
[2013/01/28 19:35:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{AED9DC08-C1DD-403A-8355-98E86C312FB9}
[2013/01/27 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7723344A-67F3-47E7-B6FE-F2FC613422FC}
[2013/01/27 12:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/01/27 12:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/01/27 12:34:39 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013/01/27 11:04:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{905E6062-79FF-4746-AA43-659AFC27ED92}
[2013/01/25 20:14:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E70C579D-230C-4B6F-974F-BCF4FE4732DB}
[2013/01/24 20:35:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D151F9F1-DF53-4A4C-A98A-CFA010C982F6}
[2013/01/23 06:54:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{3FA70619-FC5C-432E-946B-875B38744114}
[2013/01/22 17:26:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F6659662-F913-4CD5-80BF-C10C2B6DE64C}
[2013/01/21 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7A858509-91CD-444E-8FF8-5D796CE57D43}
[2013/01/20 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6DF1C1B1-34AC-4264-9436-9D260CE183C6}
[2013/01/20 08:28:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BD2AA843-70DD-4704-92B4-CBC8F143B292}
[2013/01/19 09:29:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5BA0B454-D0F2-4A81-9EC8-7F98C6BB467F}
[2013/01/18 14:57:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F5BD3619-A1DC-42FB-8B21-298EBACE2B47}
[2013/01/17 21:35:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{2590C8D3-9E55-44E6-85AD-217D468B3B35}
[2013/01/16 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D053E6E1-4D84-4A9F-A29F-5885BCF9A637}
[2013/01/15 18:30:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{586635A7-6C32-43A8-834F-A85CAD78F6D4}
[2013/01/14 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{A281ED48-D24E-4CC1-8D99-70DDA6BC534F}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/13 06:55:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013/02/13 06:53:12 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 06:53:12 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 06:46:21 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 06:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 06:45:36 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/12 18:04:34 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/12 18:02:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 17:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 17:25:07 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/12 17:20:47 | 005,033,736 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2013/02/12 17:20:07 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Michael\Desktop\JRT.exe
[2013/02/12 17:18:20 | 000,587,671 | ---- | M] () -- C:\Users\Michael\Desktop\adwcleaner0.exe
[2013/02/12 14:28:44 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2013/02/12 14:24:43 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe
[2013/02/12 13:12:20 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2013/02/12 13:12:20 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/02/12 13:11:11 | 058,674,136 | ---- | M] (AVG) -- C:\Users\Michael\Desktop\avg_tuh_stf_all_2013_2_24c28.exe
[2013/02/12 13:00:55 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/12 12:33:10 | 139,877,760 | ---- | M] (AVG Technologies) -- C:\Users\Michael\Desktop\avg_free_x64_all_2013_2897a6066.exe
[2013/02/12 11:26:38 | 000,976,900 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013/02/12 11:26:38 | 000,051,982 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013/02/11 11:00:40 | 934,777,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/11 10:25:09 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013/02/10 23:14:46 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/02/10 23:07:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/10 20:07:40 | 000,002,138 | ---- | M] () -- C:\Users\Michael\Desktop\Fabasoft Folio Cloud.lnk
[2013/02/10 09:32:06 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/10 09:32:06 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/02 10:22:28 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/29 18:07:05 | 001,681,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/29 18:07:05 | 000,719,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/01/29 18:07:05 | 000,681,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/29 18:07:05 | 000,154,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/01/29 18:07:05 | 000,130,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/27 12:34:48 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/15 16:56:10 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/01/15 16:56:07 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/15 16:53:05 | 000,158,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013/01/15 16:53:01 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/01/15 16:52:55 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/12 17:42:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/12 17:42:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/12 17:42:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/12 17:42:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/12 17:42:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/12 17:25:02 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/12 17:19:00 | 000,587,671 | ---- | C] () -- C:\Users\Michael\Desktop\adwcleaner0.exe
[2013/02/12 14:24:56 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe
[2013/02/12 13:12:20 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2013/02/12 13:12:20 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/02/12 13:12:19 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/02/12 13:01:11 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/11 11:00:40 | 934,777,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/11 10:25:09 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013/02/10 23:14:46 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/27 12:34:48 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/18 22:25:52 | 000,002,138 | ---- | C] () -- C:\Users\Michael\Desktop\Fabasoft Folio Cloud.lnk
[2012/12/11 14:22:20 | 000,001,199 | ---- | C] () -- C:\Users\Michael\AppData\Local\recently-used.xbel
[2012/10/21 17:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012/10/21 17:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012/10/21 17:12:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012/07/20 14:20:54 | 000,704,512 | ---- | C] () -- C:\Windows\is-NNKFJ.exe
[2012/07/06 09:52:36 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2012/07/06 09:52:36 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2012/07/06 09:52:36 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2012/01/21 19:34:42 | 000,002,269 | ---- | C] () -- C:\Users\Michael\.powerupdate.user.properties
[2011/11/17 23:55:17 | 004,458,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/23 06:46:40 | 000,976,900 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011/09/08 22:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


ExtrasOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 2/13/2013 6:57:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 68.75% Memory free
15.96 Gb Paging File | 13.04 Gb Available in Paging File | 81.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 284.47 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 321.96 Gb Free Space | 92.08% Space Free | Partition Type: NTFS
Drive M: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive P: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive S: | 465.65 Gb Total Space | 180.21 Gb Free Space | 38.70% Space Free | Partition Type: FAT32
Drive X: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive Y: | 1832.31 Gb Total Space | 1648.03 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
 
Computer Name: RUE-NB | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F82A86-D5BE-4C74-ABBB-3E6C9C82B2B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{173CECCC-FDDF-4F5A-AA17-C386E8049BAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17FC503D-0D71-4E98-997B-D8DF4C60F0C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C294717-176C-4F6C-9332-1A83E5E712FF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{28957D44-A4A1-4818-9158-AC1B2AA5B862}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2CB27F1D-D37A-47D2-B05C-E6F74D296999}" = lport=137 | protocol=17 | dir=in | app=system | 
"{35CC1B71-E053-4DFC-AA32-9F4A469D8B3A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3640D257-B293-4A84-9007-2A53F8C76046}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A43C8C4-2115-49EF-B3B2-44154B64F16C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4C223F37-92A2-4C5E-9C89-7FDFBE2C5663}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F80E422-ED75-4940-BF89-AE1A24B22BB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{573D86CB-14D0-46F1-AB28-0A5A2B9B1FBE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6233F4B0-66B4-49AC-B8D1-84BE81BD4A77}" = lport=445 | protocol=6 | dir=in | app=system | 
"{69299BC5-67DD-4A2D-AF9B-15A7B68269DB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6F4A0B58-5447-4573-980F-B9BFBE0893CC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{738168DF-200B-478B-961C-C0438BE59DA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A989316-B153-4A78-AE01-D9733AE4555C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{913BBF36-3DC7-442A-A89B-5B8AE0E2D0E8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AB443B6C-B3EC-4285-AD46-E7553E88539B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AC1A4745-A7FC-4A98-8301-8C64EB658A95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B17F3024-2167-4E84-BE37-1A26EE1B452D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2791544-7D9E-4B36-BAD6-7FF4154B9190}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B49066DC-43D1-499E-A439-BE76B73C6FBB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{C9ABE2CB-91B9-4182-A617-F6143DDA6157}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EE7C493C-D0BF-4344-B01F-4D9A07BB3678}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F322EB4A-CBF9-4D1B-95D7-4C7D59A1CC08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FBE5D5-7B06-4C58-8708-98ECE8CBECE1}" = protocol=6 | dir=out | app=system | 
"{05D792D9-5A2E-485D-8F53-DA08C3E3B618}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0F4E999A-7EE6-4A66-8EA1-B1878087C022}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{133B49D1-7960-4070-9FD9-EFCCF5F0E8B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1B5B9BC0-50DD-47AF-A931-CAEC71E19174}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2905BB4F-FAB1-42F3-94A6-1AEAB82A66CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{296BABEF-A4A8-4061-BFE2-2169367EF3B5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{29A004A2-E9C8-404D-A2D0-29C1E32C463E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A287535-08A1-4D54-9BF1-85B6BD767819}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{2E02F64F-9907-44DC-9E7A-1DA5445C38B0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{32799E7B-4257-4250-8FB3-DD577B29BD5B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{355D5D7B-559A-420B-9411-F8F1963EA73F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{45919AF9-85CA-4F63-8BAB-A7FAFD68BF9D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{45A44A51-B296-41D0-98CB-3CF3A956D886}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | 
"{4BA82A32-1A41-4295-8DF3-DBCB04E3E105}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4C6956E5-2BB7-498B-9F10-1538B4BEB8DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{4C9DF8AC-330E-4B81-848C-9A3875945F72}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{4E3DF5CE-616E-45D1-BD18-90A48FB2F05E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5497B918-0F0B-4D33-82F1-A6D07E0107D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{56ADBFAF-18C3-4FC5-BCC8-73A2907C87E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DBEFD12-8073-4DB0-B81E-D16567F378C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{70FDBC7F-30A0-4B7C-803B-89CFA14EE32F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{76D029C7-B9DA-45B1-BD87-A881352EEB91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B680332-7D29-4907-8EAE-85723C2D4F41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AFC65CC-9E4B-4DD4-A0D4-31A277705464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E7EE989-F623-479F-8F18-BAF66E2FC3D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{924A25BE-E2D8-4BE1-A88F-654D6F290867}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F234057-21C4-4CEF-BCEE-E1BC586E1C64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0449FEE-1C53-4232-8C0D-B849AB6FC176}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{A0EC4D5F-0A08-4D40-8442-DFFAF4594DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A1A92121-CB95-4A5B-8F05-C947D4E1F9F4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A2E6CEA9-C2FB-4593-A891-C0FEF0C7318C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A5DBE9B3-1E91-41A1-9F08-8B3A03C25F65}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | 
"{A645C650-DD35-4D85-9EE3-29AC4C5D1017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD39B4C1-1574-4497-8D7B-0A2FADE234B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{B00111F0-14B4-4AEA-A3EA-D1224B060BF7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B33F732F-3EA6-4FF6-AC15-FAB0560685E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{B49C1E1B-5F43-4D52-A3F7-247C64975009}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{BAED5414-BF68-44BF-B799-EC85353DA3B3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BD4548BD-737D-4AA8-AD62-C31A7E908971}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C6AB2422-BDD1-4FB9-8B5C-77ACBB7E1F24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D21007FA-A12F-4FB2-AC9B-9C774E03B431}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D64C6FB4-D6CD-4BE9-A435-21632714D6C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DA9A688D-0876-4910-8812-C12D72F2B727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DCD4603C-E8B8-4C52-BB99-F68391FE916E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{DF42E7EF-65D0-438E-92FB-CB1C66D9C272}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E291E219-EE1A-4FF1-A377-328C39A656E1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{E2973E74-FACB-4524-87BE-C848321BB87B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{E70149E9-E3E6-4C60-84FE-C1374552E71D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{E783EE53-FD5B-424D-A7B2-873115AB26A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F6A59F01-147D-4B4E-9389-463FEEECB1FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE03331C-8F0D-4000-8FCD-7FF073F18090}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{DA408810-FD76-48B8-BC6B-198168E09FEC}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe | 
"UDP Query User{EC0A384F-8133-4B71-BC9E-10E7DB125F16}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120495-F25C-4F44-9DC7-2D812D025DBA}" = pdfforge Images2PDF 0.9.2.546
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0F5176B2-9AEF-490B-AEE6-C9B9367A733A}" = TOSHIBA dynadock
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{29F41953-2103-4EF2-8328-AD0EA7480D80}" = Business Contact Manager for Microsoft Outlook 2010
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{66D49E58-C219-48AB-9EF8-D38B5B0303FD}" = dynadock Utility_II
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AAB51FE-5167-11DE-82D8-B27D56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89019C7F-1F8C-4F95-90AD-45E5B5D783A3}" = DisplayLink Core Software
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94E73F8B-D22E-4241-8E85-542CE45965C6}" = DisplayLink Graphics
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.57
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}" = SaveByClick
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"AVG" = AVG 2013
"Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010
"CNXT_AUDIO_HDA" = Conexant HD Audio
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B4DB8FF-9112-4B51-9629-0E4EE3F73646}" = MAGIX Web Designer 7
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{44EDD50C-8366-4F9E-AF69-4AEA96C63604}" = NodeXL Excel Template
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{620DA0EB-574D-45B5-B3E9-B85AECA41D59}" = AX88772A & AX88772 Windows 7 Drivers
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64FB093C-05F6-4E35-81AE-18871BFDFD6B}" = MAGIX Web Designer 7 Update
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8019BE7F-EF83-4637-8DBF-26669B042662}" = Fabasoft Folio Cloud Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6D9D7A-D8CD-444E-869D-D08AB3A1222E}" = AHR Sudoku 4.1
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG PC TuneUp" = AVG PC TuneUp
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 2.95
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.65
"Google Chrome" = Google Chrome
"Greenshot_is1" = Greenshot
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}" = AX88772A & AX88772 Windows 7 Drivers
"InstallShield_{66D49E58-C219-48AB-9EF8-D38B5B0303FD}" = dynadock Utility_II
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MAGIX_MSI_Web_Designer_7" = MAGIX Web Designer 7
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QNAP_FINDER" = QNAP Finder
"SP_661c9f97" = 
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A2A7126BA7857147B5479C468004F2803713BF1A" = Smrf.NodeXL.ExcelTemplate
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/12/2013 12:56:45 PM | Computer Name = rue-nb | Source = WinMgmt | ID = 10
Description = 
 
Error - 2/13/2013 1:46:38 AM | Computer Name = rue-nb | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 2/13/2013 1:47:01 AM | Computer Name = rue-nb | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 2/12/2013 12:45:31 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 2/12/2013 12:49:34 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 2/12/2013 12:54:19 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 2/12/2013 12:55:34 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7003
Description = Der Dienst "G Data RegisterServiceHelper" ist von folgendem Dienst
 abhängig: AVKService. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:55:36 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 2/12/2013 12:55:40 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 2/12/2013 1:30:41 PM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 2/13/2013 1:45:53 AM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7003
Description = Der Dienst "G Data RegisterServiceHelper" ist von folgendem Dienst
 abhängig: AVKService. Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/13/2013 1:45:56 AM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 2/13/2013 1:45:59 AM | Computer Name = rue-nb | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >
         
--- --- ---

Gruß
Michael

Alt 13.02.2013, 09:37   #8
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Servus,



wir suchen jetzt noch nach Resten von SpyHunter und Adware.


AVG bitte vorher wieder deaktivieren.



Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *Conduit*
    *SaveByclick*
    *SweetIM*
    *uTorrentBar_DE*
    *Babylon*
    *PriceGong*
    *Softonic*
    *OpenCandy*
    *Enigma Software Group*
    *SpyHunter*
    *trkjmp.com*
    
    :folderfind
    *Conduit*
    *SaveByclick*
    *SweetIM*
    *uTorrentBar_DE*
    *Babylon*
    *PriceGong*
    *Softonic*
    *OpenCandy*
    *Enigma Software Group*
    *SpyHunter*
    *trkjmp.com*
    
    :regfind
    Conduit
    SaveByclick
    SweetIM
    uTorrentBar_DE
    Babylon
    PriceGong
    Softonic
    OpenCandy
    Enigma Software Group
    SpyHunter
    trkjmp.com
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Alt 13.02.2013, 20:49   #9
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Matthias,
anbei der Logfile.
(Hinweis in eigener Sache: bin bis Freitag Abend auf aussendienst u. schau dann wieder rein.)

Systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 21:42 on 13/02/2013 by Michael
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [22:32 09/08/2012] [22:32 09/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Michael\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HV49RJS\cap1.conduit-apps[1].xml --a---- 13 bytes [10:47 05/10/2012] [10:47 05/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IWDSFKU\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 1240 bytes [19:27 10/02/2013] [19:27 10/02/2013] 1729A46863A49F4299324E308307A4B9
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IWDSFKU\conduit[1].jpg --a---- 1230 bytes [14:14 04/09/2012] [14:14 04/09/2012] 97E5266847EC4DB0B68D96696C036333
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IWDSFKU\contextmenu_toolbar_conduit-services_com[1].xml --a---- 6691 bytes [19:27 10/02/2013] [19:27 10/02/2013] 22C13F28D75B95B054B566E3EFD671B6
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IWDSFKU\contextmenu_toolbar_conduit-services_com[4].xml --a---- 7158 bytes [09:14 13/12/2012] [09:14 13/12/2012] 975C952D94CC90E3174437C36DD068BF
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IWDSFKU\translation_toolbar_conduit-services_com[2].txt --a---- 108655 bytes [19:27 10/02/2013] [19:27 10/02/2013] 8A098F5F3149364F0BAC3E55CFE580CE
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O0778EUV\search_conduit_com[2].htm --a---- 7943 bytes [19:27 10/02/2013] [19:27 10/02/2013] CE72B1AB167B910018582111C8C4E485
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RJQSW2JO\contextmenu_toolbar_conduit-services_com[1].xml --a---- 5623 bytes [19:49 20/12/2012] [19:49 20/12/2012] AE2FA3846DCCDD15EB1FAE1437F7076F
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RJQSW2JO\contextmenu_toolbar_conduit-services_com[2].xml --a---- 5624 bytes [19:27 10/02/2013] [19:27 10/02/2013] 008A9ED67B706E1C56569441ADD9BB72
C:\Users\Michael\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZPYX25A3\cap1.conduit-apps[1].xml --a---- 13 bytes [14:14 04/09/2012] [14:14 04/09/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\ConduitAbstractionLayer.js ------- 30362 bytes [12:41 31/08/2012] [19:09 27/08/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images\conduit-logo-OLD.png ------- 1305 bytes [12:41 31/08/2012] [19:09 27/08/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images\conduit-logo.png ------- 3926 bytes [12:41 31/08/2012] [19:09 27/08/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\skin\conduitToolBarStyle.css ------- 3 bytes [12:41 31/08/2012] [19:09 27/08/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\lib\log4conduit.jsm ------- 760 bytes [12:41 31/08/2012] [19:09 27/08/2012] 93898FE6A232C5FCD838D8168F65D802

Searching for "*SaveByclick*"
No files found.

Searching for "*SweetIM*"
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RJQSW2JO\home_sweetim_com[1].htm --a---- 4863 bytes [09:52 22/04/2012] [09:52 22/04/2012] F05798B52A9A857AC5321D69C4F0158A

Searching for "*uTorrentBar_DE*"
No files found.

Searching for "*Babylon*"
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~BabylonTB.xpi --a---- 48639 bytes [09:24 29/04/2012] [10:36 06/12/2011] 9C755237A70E9AE8047EA9D2A08D5B9B
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~BabylonToolbarApp.dll --a---- 330240 bytes [15:05 02/08/2011] [15:05 02/08/2011] 0D3C94D4405B18DD0F5FA45C2F1E6E47
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~BabylonToolbarEng.dll --a---- 539648 bytes [15:04 02/08/2011] [15:04 02/08/2011] 9E333A83F65F010BAE4B958E71775C15
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~BabylonToolbarsrv.exe --a---- 347648 bytes [15:06 02/08/2011] [15:06 02/08/2011] 1EABCD6054C6E728E8DA3F2321FC29D3
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~BabylonToolbarTlbr.dll --a---- 237680 bytes [12:23 14/08/2011] [12:23 14/08/2011] 034C197E79D7233BD04BFAC1710CB988
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~bh\~BabylonToolbar.dll --a---- 270960 bytes [12:24 14/08/2011] [12:24 14/08/2011] C471B1EEF9DF1C55B5261006CE04E11F
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O0778EUV\search_babylon_com[1].htm --a---- 4752 bytes [19:27 08/07/2012] [19:27 08/07/2012] 23A7993A84A3FE6D54D609BA1582253F

Searching for "*PriceGong*"
No files found.

Searching for "*Softonic*"
C:\Users\Michael\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KE1L4SE\search.softonic[1].xml --a---- 13 bytes [10:47 05/10/2012] [10:47 05/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O0778EUV\softonic[1].gif --a---- 606 bytes [14:14 04/09/2012] [14:14 04/09/2012] 2A1D4FB45F62D3D260F2134228FAB05E
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_microsoft-acrylic.exe --a---- 373456 bytes [10:45 05/10/2012] [10:45 05/10/2012] 94C58FDA59D2CA89C9140DA1BA005BBA

Searching for "*OpenCandy*"
No files found.

Searching for "*Enigma Software Group*"
No files found.

Searching for "*SpyHunter*"
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130210_231423.log --a---- 177078 bytes [22:14 10/02/2013] [07:26 11/02/2013] 0AA4F0FC963BEB14E45D76EF7E6B040D
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130211_082806.log --a---- 21572 bytes [07:28 11/02/2013] [09:06 11/02/2013] DF5C4A60253108A198CAF6FEBA81C18E

Searching for "*trkjmp.com*"
No files found.

========== folderfind ==========

Searching for "*Conduit*"
No folders found.

Searching for "*SaveByclick*"
C:\ProgramData\SaveByclick d------ [17:03 12/02/2013]
C:\Users\All Users\SaveByclick d------ [17:03 12/02/2013]

Searching for "*SweetIM*"
No folders found.

Searching for "*uTorrentBar_DE*"
No folders found.

Searching for "*Babylon*"
C:\Program Files (x86)\~BabylonToolbar d------ [09:23 29/04/2012]
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar d------ [09:23 29/04/2012]

Searching for "*PriceGong*"
No folders found.

Searching for "*Softonic*"
C:\Users\Michael\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HB9U64R7\static.softonic.de d------ [10:46 05/10/2012]
C:\Users\Michael\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de d------ [10:46 05/10/2012]

Searching for "*OpenCandy*"
No folders found.

Searching for "*Enigma Software Group*"
C:\Program Files\Enigma Software Group d------ [22:14 10/02/2013]

Searching for "*SpyHunter*"
C:\Program Files\Enigma Software Group\SpyHunter d------ [22:14 10/02/2013]

Searching for "*trkjmp.com*"
No folders found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
"URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
"FaviconURL"="hxxp://search.conduit.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
"URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647"
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
"FaviconURL"="hxxp://search.conduit.com/favicon.ico"

Searching for "SaveByclick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}]
"DisplayName"="SaveByClick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}]
"Publisher"="SaveByClick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}]
"CategoryName"="SaveByClick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_661c9f97]
"UninstallString"=""C:\Program Files (x86)\SaveByClick\uninstall.exe" /FULLPATH="C:\Program Files (x86)\SaveByClick""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_661c9f97]
"QuietUninstallString"=""C:\Program Files (x86)\SaveByClick\uninstall.exe" /S /FULLPATH="C:\Program Files (x86)\SaveByClick""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_661c9f97]
"CategoryName"="SaveByClick"

Searching for "SweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970]
"ProductName"="SweetIM for Messenger 3.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970\SourceList]
"PackageName"="SweetIMSetup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Messenger\resources\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\packages\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Messenger\resources\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\update\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\logs\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4]
"54A306F2659DB694185B057D28249467"="C?\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C]
"54A306F2659DB694185B057D28249467"="C?\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\conf\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\Bars\Default\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420]
"54A306F2659DB694185B057D28249467"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\Program Files (x86)\SweetIM\Messenger\resources\images\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D]
"2BC4C58B253B8DB418C8CB3E35951970"="C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\InstallProperties]
"DisplayName"="SweetIM for Messenger 3.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS]
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\SweetIM]

Searching for "uTorrentBar_DE"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
"DisplayName"="uTorrentBar_DE Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASMANCS]
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
"DisplayName"="uTorrentBar_DE Customized Web Search"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "PriceGong"
No data found.

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2dc59855_0]
@="{0.0.0.00000000}.{addcfc97-975c-479d-8305-042dedc2256f}|\Device\HarddiskVolume2\Users\Michael\Downloads\SoftonicDownloader_fuer_microsoft-acrylic.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}]
"OSDFileURL"="file:///C:/Program%20Files%20(x86)/Softonic/Softonic/1.6.7.4/Softonic.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-acrylic_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-acrylic_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASMANCS]
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com]
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2dc59855_0]
@="{0.0.0.00000000}.{addcfc97-975c-479d-8305-042dedc2256f}|\Device\HarddiskVolume2\Users\Michael\Downloads\SoftonicDownloader_fuer_microsoft-acrylic.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}]
"OSDFileURL"="file:///C:/Program%20Files%20(x86)/Softonic/Softonic/1.6.7.4/Softonic.xml"

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce]

Searching for "Enigma Software Group"
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
"InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"

Searching for "SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
"InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"

Searching for "trkjmp.com"
No data found.

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\WIA\Devices\MP640 series]
"ProductId"="MP640 "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11072503000531&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_4.05#0000169DD 773DEEB&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SMI&PROD_&REV_1100#AA201001193580&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11072503000531&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_4.05#0000169DD 773DEEB&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SMI&PROD_&REV_1100#AA201001193580&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#11072503000531&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_4.05#00001 69DD773DEEB&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SMI&PROD_&REV_1100#AA201001193580& 0#]
"DeviceDesc"=" "

-= EOF =-

schönen Gruß
Michael

Alt 14.02.2013, 16:22   #10
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Servus,





Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
IE - HKCU\..\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
[2012/08/31 13:41:56 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2013/02/12 18:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013/02/10 23:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/27 12:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/02/12 17:25:07 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

:files
C:\Program Files (x86)\~BabylonToolbar
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_microsoft-acrylic.exe
C:\Users\All Users\SaveByclick

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_661c9f97]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\SweetIM]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-acrylic_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-acrylic_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup]

:commands
[Emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
  • Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 15.02.2013, 23:12   #11
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Matthias,

hier die 4 Logfiles:

OTL
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8351DCCE-536F-47CF-8781-685DA37BBE9D}\ not found.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\Plugins folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\modules folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\META-INF folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\lib folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults\preferences folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\skin folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\sl folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\lib folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\core folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\404 folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\api folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\res folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\img folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\css folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647 folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\ProgramData\SaveByclick folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
C:\ProgramData\ClickIT\Setup folder moved successfully.
C:\ProgramData\ClickIT folder moved successfully.
C:\Windows\DeleteOnReboot.bat moved successfully.
========== FILES ==========
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~bh folder moved successfully.
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17 folder moved successfully.
C:\Program Files (x86)\~BabylonToolbar\~BabylonToolbar folder moved successfully.
C:\Program Files (x86)\~BabylonToolbar folder moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_microsoft-acrylic.exe moved successfully.
File\Folder C:\Users\All Users\SaveByclick not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0B1EF66-24AF-42B6-A05D-6C8D0B52CD90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_661c9f97\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1047493706-1735402114-1840407707-1001\Software\SweetIM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8351DCCE-536F-47CF-8781-685DA37BBE9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8351DCCE-536F-47CF-8781-685DA37BBE9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFCFC88D-2AB8-4DD4-B46C-42E95800CE0A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-acrylic_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-acrylic_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\softonic_ggl_1_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michael
->Temp folder emptied: 239388 bytes
->Temporary Internet Files folder emptied: 118945252 bytes
->Java cache emptied: 1044561 bytes
->Google Chrome cache emptied: 103583599 bytes
->Flash cache emptied: 16219 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715942 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128634337 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 1328576 bytes

Total Files Cleaned = 339.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02152013_215617

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\dynadock\2013-02.log moved successfully.
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: RUE-NB [Administrator]

Schutz: Deaktiviert

15.02.2013 22:11:28
mbam-log-2013-02-15 (22-11-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222497
Laufzeit: 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


ESET
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=410beea80aac7a4fb93452ed29d04901
# engine=13167
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-15 11:02:11
# local_time=2013-02-16 12:02:11 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1045 16777213 100 94 11919 48103315 0 0
# compatibility_mode=5893 16776574 100 94 367330 112599181 0 0
# scanned=176034
# found=1
# cleaned=0
# scan_time=5394
sh=A696C5A0D50145AFDE3D3A71F70B1C3006AC2199 ft=1 fh=da0003b6601dbc17 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\_OTL\MovedFiles\02152013_215617\C_ProgramData\SaveByclick\510510289cb23.dll"


Security Check
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
AVG PC TuneUp
AVG PC TuneUp Language Pack (de-DE)
AVG PC TuneUp
Java(TM) 6 Update 39
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
TOSHIBA TOSHIBA Online Product Information TOPI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Danke und Gruß
Michael

Alt 16.02.2013, 10:34   #12
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Servus,



der Fund von ESET befindet sich bereits in der Quarantäne von OTL und kann keinen Schaden mehr anrichten.
Wenn du die abschließenden Schritte durchführst, wird OTL und dieser Schädling entgültig entfernt.


Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.



Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier:
    Java Download (32 bit)
  • Speichere die Datei auf deinem Desktop.
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die Datei. Diese wird die neueste Java Version ( Java 7 Update 13 ) installieren.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck





Schritt 2
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 3
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 4
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 5
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
  • Sollten noch Programme, die wir verwendet haben, vorhanden sein, so lösche diese bitte per Hand.





Schritt 6
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 16.02.2013, 19:56   #13
rmi_1
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Hallo Matthias,

habe die Java RT 64 bit Version 1.7.0_13 heruntergeladen und installiert.

Plug In Test liefert: Chrome / Flash ist installiert und aktuell - Java ist nicht Installiert oder nicht aktiviert.

Habe die empfohlenen Programme installiert und aktiviert.

Aus meiner Sicht läuft alles problemlos - Fertig!

Eine letzte Frage habe ich: Gibt es eine Vermutung, wie/wo ich mir den Trojaner "eingetreten" habe?

Zum Schluss bleibt mir nur zu sagen, dass ich dir recht herzlich für deine Hilfe danke. Es ist nicht selbstverständlich, so eine kompetente und zuverlässige Unterstützung zu erhalten - Respekt und Anerkennung !!

Als kleines Dankeschön habe ich eine Spende einbezahlt - ich hoffe du hast was davon ;-) http://www.trojaner-board.de/images/smilies/party.gif

Alles gute!
Gruß/Michael

Alt 16.02.2013, 20:31   #14
M-K-D-B
/// TB-Ausbilder
 
Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Standard

Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint



Leider kann ich dir nicht genau sagen, wie du dich infiziert hast. Achte auf jeden Fall darauf, dass du bei der Installation von Programmen immer die benutzerdefinierte Variante wählst. So kannst du unerwünschte Programme abwählen.



Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint
7-zip, antivirus, autorun, babylontoolbar, bho, blockiert, bonjour, converter, crossdomain.xm, enigma, error, fehler, firefox, flash player, home, homepage, hängen, i.trkjmp.com, install.exe, installation, internet, internet security 2013, problem, realtek, rechner blockiert, registry, savebyclick, scan, security, software, starten, svchost.exe, sweetpacks, unterstrichen, verlinkung, visual studio, windows



Ähnliche Themen: Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint


  1. Unerwünschte Werbung, Browser kaum noch nutzbar
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (10)
  2. unerwünschte Werbeprogramme im Browser Google chrome
    Log-Analyse und Auswertung - 31.10.2014 (11)
  3. Unerwünschte Werbung mit neuen Tab im browser (Firefox und explorer)
    Log-Analyse und Auswertung - 03.10.2014 (11)
  4. Windows 8.1 64 Bit; unerwünschte Popups im Chrome Browser
    Log-Analyse und Auswertung - 29.06.2014 (32)
  5. Browser öffnen unerwünschte Ads von 123srv.com, gos.drivedo.ne, www.doivndj.com, ..
    Log-Analyse und Auswertung - 16.05.2014 (13)
  6. Windows 8.1 : PC sehr langsam + unerwünschte Weiterleitungen im Browser
    Log-Analyse und Auswertung - 16.05.2014 (17)
  7. Unerwünschte Links und Werbung in jedem Browser
    Log-Analyse und Auswertung - 23.04.2014 (24)
  8. Unerwünschte Werbung im Browser
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (14)
  9. Unerwünschte Werbebanner, Textlinks und PopUps im Browser
    Log-Analyse und Auswertung - 30.09.2013 (15)
  10. Verlinkung im Mozilla (trkjmp.com etc.)
    Log-Analyse und Auswertung - 20.06.2013 (11)
  11. Unerwünschte Links im Internet Browser
    Log-Analyse und Auswertung - 19.06.2013 (31)
  12. Verlinkungen im Internet-Browser ( i.trkjmp.com)
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (26)
  13. Unerwünschte Verlinkung - vermutlich mit http://i.trkjmp.com/crossdomain.xm - Trojaner am Werk?
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (5)
  14. Links bei Google werden umgeleitet und Internet scheint allgemein langsamer/stockend
    Log-Analyse und Auswertung - 20.11.2010 (9)
  15. Unerwünschte Pop-up Fenster sowie verlinkung auf skurile Seiten
    Log-Analyse und Auswertung - 18.12.2008 (0)
  16. Browser öffnet unerwünschte Seiten-bitte HJT Auswertung
    Log-Analyse und Auswertung - 13.02.2008 (7)
  17. unerwünschte Weiterleitung Browser
    Log-Analyse und Auswertung - 07.12.2007 (0)

Zum Thema Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint - Hallo Zusammen! ich habe seit etwa 5 Tagen folgendes Problem: Auf allen Seiten meiner Browsers (Chrome) werden bestimmte Begriffe als Verknüpfung (unterstrichen) dargestellt. (zB bereits , früherer ...). Bei Mouseover - Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint...
Archiv
Du betrachtest: Unerwünschte Verlinkung im Internet-Browser (=> i.trkjmp.com) - scheint auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.