Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avira Antivir meldet Adware/Yontoo.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.02.2013, 11:35   #1
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Hallo!

Beim letzten Scan mit Avira Antivir wurde mir der Virus Adware/Yontoo.Gen gemeldet.
An mehreren Stelle in eurem Forum habe ich gelesen, dass man besser nichts auf eigene Faust unternimmt, sondern lieber ein neues Thema erstellen soll. Dies mache ich hiermit und bitte um Hilfe, damit mein Rechner bald wieder sauber ist.
Vielen Dank schonmal

Alt 25.02.2013, 12:34   #2
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



hi
avira Funde posten:
http://www.trojaner-board.de/125889-...en-posten.html
dann:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 25.02.2013, 12:49   #3
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Exportierte Ereignisse:

25.02.2013 12:05 [System Scanner] Malware gefunden
Die Datei 'C:\Users\das kleinvieh\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\7C09PPM1\yontoosetup[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5555e8c3.qua'
verschoben!

22.02.2013 18:16 [System Scanner] Malware gefunden
Die Datei 'C:\Users\das
kleinvieh\AppData\Local\Temp\is513561925\QtraxInstaller.exe'
enthielt einen Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '551e07fb.qua'
verschoben!

22.02.2013 18:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\das
kleinvieh\AppData\Local\Temp\9C7A861A\YontooSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

22.02.2013 18:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\das kleinvieh\AppData\Local\Temp\9C7A861A\up.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

22.02.2013 18:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\das kleinvieh\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\7C09PPM1\yontoosetup[1].exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner

22.02.2013 18:12 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\das
kleinvieh\AppData\Local\Temp\9C7A861A\YontooSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner

22.02.2013 18:12 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\das
kleinvieh\AppData\Local\Temp\is513561925\QtraxInstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

22.02.2013 18:12 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\das
kleinvieh\AppData\Local\Temp\is513561925\QtraxInstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper] gefunden.
Ausgeführte Aktion: Zugriff verweigern

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 2/25/2013 1:52:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\das kleinvieh\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.61 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 70.74% Memory free
15.21 Gb Paging File | 12.35 Gb Available in Paging File | 81.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299.02 Gb Total Space | 74.67 Gb Free Space | 24.97% Space Free | Partition Type: NTFS
Drive D: | 296.76 Gb Total Space | 211.19 Gb Free Space | 71.17% Space Free | Partition Type: NTFS
 
Computer Name: DASKLEINVIEH | User Name: das kleinvieh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/25 13:40:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\das kleinvieh\Desktop\OTL.exe
PRC - [2013/02/21 10:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/02/15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\das kleinvieh\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/08/26 21:21:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/06/20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/05/08 15:50:27 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2012/05/08 15:50:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 15:50:25 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/05/08 15:50:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/01 16:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/12/09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/03/14 09:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/11/21 04:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/21 10:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/02/21 10:28:52 | 002,231,248 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/02/15 13:08:20 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/01/22 04:22:06 | 020,320,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/31 11:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/04/01 16:04:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/01 16:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/01 16:04:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/01 16:04:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/01 16:04:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/01 16:04:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/01 16:04:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/01 16:04:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/01 16:04:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/28 19:11:34 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/21 04:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/06/07 21:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 17:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/02/21 10:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/11 23:14:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/13 08:47:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/25 16:48:14 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Livedrive\VSSService.exe -- (LivedriveVSSService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 15:50:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 15:50:25 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/05/08 15:50:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/08 15:50:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 15:50:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/07 22:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/07 21:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 18:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 10:23:10 | 001,077,840 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2010/11/02 16:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/10/29 16:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/02/16 13:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/11/02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/24 09:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=2ef53d3b000000000000e0ca9496fde8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=2ef53d3b000000000000e0ca9496fde8
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKCU\..\SearchScopes\{0A545A3D-2DD1-4514-8BF7-EE62D8BD7EAF}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=2ef53d3b000000000000e0ca9496fde8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Ask.com Search"
FF - prefs.js..browser.startup.homepage: "hxxp://searchfunmoods.com/?f=1&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/24 19:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/22 18:14:20 | 000,000,000 | ---D | M]
 
[2012/05/19 11:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\Extensions
[2013/02/22 18:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\Firefox\Profiles\wbhoc88w.default\extensions
[2013/02/22 18:13:19 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@delta.com
[2012/10/17 19:20:11 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com
[2012/10/17 19:20:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ich@maltegoetz.de
[2013/02/06 01:41:01 | 000,002,306 | ---- | M] () -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\firefox\profiles\wbhoc88w.default\searchplugins\askcomsearch.xml
[2013/02/22 18:13:26 | 000,001,294 | ---- | M] () -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\firefox\profiles\wbhoc88w.default\searchplugins\delta.xml
[2012/10/17 19:20:19 | 000,002,341 | ---- | M] () -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\firefox\profiles\wbhoc88w.default\searchplugins\Funmoods.xml
[2012/05/19 11:46:29 | 000,002,515 | ---- | M] () -- C:\Users\das kleinvieh\AppData\Roaming\mozilla\firefox\profiles\wbhoc88w.default\searchplugins\Search_Results.xml
[2012/05/19 11:46:29 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Funmoods = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: Funmoods = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.0_0\
CHR - Extension: Neuer Tab = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Neuer Tab = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: Neuer Tab = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.18.1_0\
CHR - Extension: Erster Nutzer = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: No name found = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\
CHR - Extension: No name found = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Erster Nutzer = C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Livedrive] C:\Program Files (x86)\Livedrive\Livedrive.exe (Livedrive Internet Ltd)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKCU..\Run: [Udbaotbo] "C:\Users\das kleinvieh\AppData\Roaming\Boem\meybi.exe" File not found
O4 - Startup: C:\Users\das kleinvieh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\das kleinvieh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\das kleinvieh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.145.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19067128-07C1-4D82-849A-97DD7A22C106}: DhcpNameServer = 192.168.145.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{767F09BB-5770-4C51-A94B-2DF66FEAC5FC}: DhcpNameServer = 192.168.145.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/25 13:43:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\das kleinvieh\Desktop\OTL.exe
[2013/02/25 07:04:31 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Roaming\BabSolution
[2013/02/25 00:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/25 00:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/25 00:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/25 00:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/25 00:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/25 00:18:37 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/02/23 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\Desktop\Neuer Ordner
[2013/02/23 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2013/02/23 10:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013/02/23 10:53:38 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Local\{689F167D-DCEC-4B39-9C8A-82D0CE8B875C}
[2013/02/22 18:32:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/22 18:14:39 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/02/22 18:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2013/02/22 18:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/02/22 18:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/02/22 18:13:16 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Roaming\Delta
[2013/02/22 18:12:52 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Roaming\Babylon
[2013/02/22 18:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/22 15:30:05 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\Desktop\Curtis Stigers
[2013/02/22 13:13:57 | 000,450,560 | ---- | C] (LogicNP Software (hxxp://www.ssware.com)) -- C:\Windows\SysWow64\fldrvw90.ocx
[2013/02/22 13:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup
[2013/02/22 13:13:56 | 002,369,456 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
[2013/02/22 13:13:56 | 001,005,088 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\SysWow64\TList8.ocx
[2013/02/22 13:13:56 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtRTF2.ocx
[2013/02/22 13:13:56 | 000,089,888 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtFrame.ocx
[2013/02/22 13:13:56 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSplitter.ocx
[2013/02/22 13:13:56 | 000,077,504 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtScrollContainer.ocx
[2013/02/22 13:13:56 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSubclass.dll
[2013/02/22 13:13:55 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Roaming\AllDup
[2013/02/22 13:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup
[2013/02/22 13:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AllDup
[2013/02/22 13:13:44 | 000,000,000 | ---D | C] -- C:\Users\das kleinvieh\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/25 13:55:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/25 13:40:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\das kleinvieh\Desktop\OTL.exe
[2013/02/25 13:35:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/25 07:06:52 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 07:03:58 | 000,009,808 | ---- | M] () -- C:\Users\das kleinvieh\AppData\Roaming\BabMaint.exe
[2013/02/25 06:54:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/25 00:34:57 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/02/25 00:31:08 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/24 23:37:39 | 561,389,151 | ---- | M] () -- C:\Users\das kleinvieh\Desktop\Hedwig%20and%20the%20Angry%20____medium.mp4
[2013/02/24 23:33:17 | 005,679,029 | ---- | M] () -- C:\Users\das kleinvieh\Desktop\Hedwig%20&%20The%20Angry%20In____medium.mp4
[2013/02/23 12:21:25 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 12:21:25 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 12:17:21 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/23 12:17:21 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/23 12:17:21 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/23 12:17:21 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/23 12:17:21 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/23 12:16:09 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/02/23 12:10:38 | 000,310,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/23 12:09:42 | 1830,875,135 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/23 10:56:11 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
[2013/02/22 18:32:30 | 800,236,596 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/22 13:13:57 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\AllDup.lnk
[2013/02/02 22:35:33 | 000,001,069 | ---- | M] () -- C:\Users\das kleinvieh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/02 22:35:04 | 000,001,053 | ---- | M] () -- C:\Users\das kleinvieh\Desktop\Dropbox.lnk
[2013/02/02 22:15:28 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/02/25 07:04:31 | 000,009,808 | ---- | C] () -- C:\Users\das kleinvieh\AppData\Roaming\BabMaint.exe
[2013/02/25 00:31:08 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/24 23:33:02 | 005,679,029 | ---- | C] () -- C:\Users\das kleinvieh\Desktop\Hedwig%20&%20The%20Angry%20In____medium.mp4
[2013/02/24 18:28:57 | 561,389,151 | ---- | C] () -- C:\Users\das kleinvieh\Desktop\Hedwig%20and%20the%20Angry%20____medium.mp4
[2013/02/23 10:56:29 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/02/23 10:56:11 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
[2013/02/22 18:32:30 | 800,236,596 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/22 13:13:57 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\AllDup.lnk
[2012/10/17 18:33:23 | 000,010,076 | ---- | C] () -- C:\Users\das kleinvieh\Skin.swf
[2012/10/17 18:33:23 | 000,009,038 | ---- | C] () -- C:\Users\das kleinvieh\FLVPlayer.swf
[2012/10/17 18:33:23 | 000,001,518 | ---- | C] () -- C:\Users\das kleinvieh\IMG0100.html
[2012/10/17 17:53:59 | 027,613,202 | ---- | C] () -- C:\Users\das kleinvieh\IMG0100.flv
[2012/10/17 16:11:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/10/17 16:10:07 | 000,290,500 | ---- | C] () -- C:\Users\das kleinvieh\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/17 16:10:04 | 000,031,465 | ---- | C] () -- C:\Users\das kleinvieh\AppData\Local\funmoods.crx
[2012/07/04 20:47:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012/05/19 10:32:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/12/28 23:20:20 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/30 20:27:45 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/11/30 19:57:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/11/30 19:47:04 | 000,128,312 | ---- | C] () -- C:\Windows\SysWow64\GFNEX.dll
[2011/11/30 19:45:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/30 19:42:14 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/22 13:34:43 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\AllDup
[2012/03/01 09:01:48 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Amazon
[2012/07/04 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Aqeze
[2011/12/29 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Atari
[2013/02/25 07:04:31 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\BabSolution
[2013/02/22 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Babylon
[2012/07/07 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Boem
[2012/09/14 10:19:30 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\calibre
[2013/02/22 18:13:46 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Delta
[2013/02/23 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Dropbox
[2012/10/17 19:20:05 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\DVDVideoSoft
[2012/07/19 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\fotobuch.de AG
[2012/05/19 11:48:37 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\FreeFLVConverter
[2012/05/03 07:00:12 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\HTC
[2012/02/03 20:55:11 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Jens Lorek
[2012/07/05 08:46:00 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Kuenma
[2012/10/17 19:19:36 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\OpenCandy
[2012/01/05 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\OpenOffice.org
[2013/01/08 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\SoftGrid Client
[2012/01/08 15:52:46 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Thunderbird
[2011/12/28 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Toshiba
[2011/12/28 16:14:27 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\TOSHIBA Online Product Information
[2012/04/03 15:17:07 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\TP
[2012/09/09 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\TS3Client
[2012/09/09 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\ts3overlay
[2012/04/03 20:29:32 | 000,000,000 | ---D | M] -- C:\Users\das kleinvieh\AppData\Roaming\Vessel
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/03/03 08:27:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/08/08 09:53:38 | 000,000,000 | ---D | M] -- C:\921a40a51946bfc1cf4f8d
[2013/02/25 00:33:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/02/25 00:28:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/25 00:28:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013/02/25 00:28:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013/02/25 13:57:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/28 15:10:35 | 000,000,000 | ---D | M] -- C:\Toshiba
[2011/12/28 15:05:31 | 000,000,000 | R--D | M] -- C:\Users
[2013/02/25 00:18:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/07 15:21:04 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/11/14 13:14:33 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 13:14:36 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2011/09/28 08:18:06 | 000,009,038 | ---- | M] () -- C:\Users\das kleinvieh\FLVPlayer.swf
[2012/10/17 18:33:23 | 027,613,202 | ---- | M] () -- C:\Users\das kleinvieh\IMG0100.flv
[2012/10/17 18:33:23 | 000,001,518 | ---- | M] () -- C:\Users\das kleinvieh\IMG0100.html
[2013/02/25 14:28:41 | 002,097,152 | -HS- | M] () -- C:\Users\das kleinvieh\ntuser.dat
[2013/02/25 14:28:41 | 000,262,144 | -HS- | M] () -- C:\Users\das kleinvieh\ntuser.dat.LOG1
[2011/12/28 15:05:32 | 000,000,000 | -HS- | M] () -- C:\Users\das kleinvieh\ntuser.dat.LOG2
[2011/12/28 18:02:51 | 000,065,536 | -HS- | M] () -- C:\Users\das kleinvieh\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/12/28 18:02:51 | 000,524,288 | -HS- | M] () -- C:\Users\das kleinvieh\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/12/28 18:02:51 | 000,524,288 | -HS- | M] () -- C:\Users\das kleinvieh\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/12/28 15:05:32 | 000,000,020 | -HS- | M] () -- C:\Users\das kleinvieh\ntuser.ini
[2011/09/28 08:18:06 | 000,010,076 | ---- | M] () -- C:\Users\das kleinvieh\Skin.swf
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 2/25/2013 1:52:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\das kleinvieh\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.61 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 70.74% Memory free
15.21 Gb Paging File | 12.35 Gb Available in Paging File | 81.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299.02 Gb Total Space | 74.67 Gb Free Space | 24.97% Space Free | Partition Type: NTFS
Drive D: | 296.76 Gb Total Space | 211.19 Gb Free Space | 71.17% Space Free | Partition Type: NTFS
 
Computer Name: DASKLEINVIEH | User Name: das kleinvieh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07890EB7-8660-486C-ADC9-CF4CF06A74C5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09BB63B7-8484-4CD4-9483-43C67E8A869F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A58FD01-F201-4ED6-BC94-41FB339DDD6E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F6606AC-24DB-42CC-B520-247E04E93DEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{125E52AE-9549-45C7-8921-E6BC7790DD27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16B5AD9C-384D-4622-81D7-EDC31D68DCC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D9E6A33-588A-49A2-9CE0-C0F732A45744}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{2C9ED414-0771-4F2D-B1B9-1316C58F5234}" = lport=138 | protocol=17 | dir=in | app=system | 
"{39BC3C72-A071-4ACC-9DA6-8564D55082CC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B788083-A9AE-4BA2-95C9-AA793B3E8288}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4288D53F-C651-41E1-A793-BE9BD1E1E0B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C7512F1-7205-4034-B453-F7D3888BDE43}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{5EC05CE0-7092-404E-BEC0-17B8CC3AF69F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6CA9F014-E5F9-429D-917B-AB0426991A0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7591C57E-D6C7-4C1E-89D7-D45DF91EC78F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{77F66C16-04B4-4D14-8962-98A7AC9BFF83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80B73AE0-E934-4D3A-B826-15499A1EE320}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8AB85FB8-A8CB-4B64-9423-BE0E7751E50F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A87A2C56-0F32-4FB3-AA72-75C7C9FCFFC4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B631F91B-FA7D-420B-98EC-3B5097BAAA6C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C68C5C16-0D8D-4C9E-8EED-61603F379B07}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCB6C3C7-0820-4006-A6B5-B23D48FAE3BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFC27FDA-4832-414A-AF66-F645BB98B5D6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E5FB0B64-15D2-46E9-A014-E32B562F3602}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ED864E1D-F2E7-4EA2-AD51-77D4C3964EA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F299FC13-CAD5-4188-BE07-175D0058DABC}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038F11F7-8BAE-4C79-81C1-C88B0D31BD38}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0981AA37-D5C2-49FE-B88C-B03241DD2CC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D193B89-9FFC-4B77-B023-FE0DF848328A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D1F8561-CA3B-4F9C-9EAC-E7FDBC199413}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20DC7EDD-E485-4CB4-B01E-931B35A64780}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24AA54F2-4775-47B4-BA13-BFAC8732BB7B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{367BA6BF-2762-4867-82CE-480DDFDCFDA1}" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37A91973-564D-40D7-9DE9-5A344B8F4710}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A8D55CA-F192-4AB2-B0B9-D9C4CE6264F6}" = dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | 
"{3AC6B63F-700E-4C6F-9EF7-8B7DF142B8FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3FC4DED0-76D6-4F01-9335-5E5A18AFF636}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{60E8DF25-584D-4FC4-AE0A-0D828B3820C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{639AE670-8E7E-465F-94BB-69E0EFFC728C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C67DBC2-C9D2-4AC0-B6C7-307025DE71B5}" = dir=in | app=c:\program files (x86)\common files\pctv systems\pvr\videocontrol.exe | 
"{721803A3-BD33-467C-BB39-D11E6905FCE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{72FDCCD2-A4CD-4741-B3D6-F9DE1FB5BA25}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7F8CB670-359C-42A8-8704-E695857D9DF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{855D6FF3-9250-414E-8FCE-1723158F8377}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A441EF6B-4CD3-4D7A-AEC1-9BEB108693A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A559240C-7A27-45EB-9E9E-435F183B2BF9}" = protocol=6 | dir=out | app=system | 
"{A5F81F62-0CCC-44E2-914C-17DA71A3DBC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ACB304E7-BE64-4152-A9DD-D620A9FDCB7D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{AECA852D-285B-4780-B8BC-D6C8F57F941E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B0CA2DF1-718F-4D9C-83D5-A216642ED24D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCF4D519-E58C-46DB-A820-FD9EC66113DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BF2CF403-41AC-45E0-97BA-3BA01939CA63}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C04123F5-4C3E-40ED-AE4C-FDF51FADB8C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0531599-DC81-407E-AB56-76BD40156E06}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2C69C3A-5A1D-4231-9A79-7860D3F205F5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CA73F23C-9DEC-4292-9BF3-20F2FAD15B47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0FDF293-0ABF-4357-81A4-0CE57B1B50A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D37BFD5D-57DB-43E7-AFAF-382A90D130A5}" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D7A50C08-B963-483D-B26B-BD421F93F6ED}" = dir=in | app=c:\program files (x86)\pctv systems\tvcenter\tvcenter.exe | 
"{D91F9AAD-09B0-43DA-9496-3F4845478D57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD0A5600-BC5F-4CB9-9550-049DF1870266}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEED4239-CD04-4123-9BDB-08F9F2242747}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E52E69F3-9AFA-4777-8FB6-31345EEC5EEC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E7385B36-F140-4FDC-9C76-22259D276AB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EA14E844-5F61-4442-977B-EB855C9871C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{12BF948D-8B40-4BB0-8817-3BED3AD3DB98}C:\program files (x86)\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\progdvb\progdvbnet.exe | 
"TCP Query User{2748A7F3-6D14-4E5D-A7E7-61AB1D17F45E}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"TCP Query User{2B038957-E05F-4D0A-A679-DF38C68373B0}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{4324D5BD-F316-49E9-942A-0C157771DEB2}C:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{834CBDC6-3438-40F3-A484-33E8A72EA8EA}C:\users\das kleinvieh\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\local\temp\gw2.exe | 
"TCP Query User{B48F197C-94C3-4339-BF4E-8BE532E9DE6B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{D4525631-52A6-46A8-BA8D-73D7A48F380F}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"UDP Query User{0E45DE16-1CB1-48E4-AE62-68AE0D5B1789}C:\users\das kleinvieh\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\local\temp\gw2.exe | 
"UDP Query User{25154E03-0F10-4E4A-ACAA-0130A750026D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{3D0CEB78-4034-48D6-B326-B52BD1FEF06B}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"UDP Query User{624D3F9F-C656-4EAC-9C7A-1B4A7E907C08}C:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6725E3F8-DEE5-4623-9913-D7401E92DD3F}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"UDP Query User{ECC29018-F373-40FE-B6B6-0E620A4E4BFC}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{FB96FA7A-83B9-4D98-84A4-DA1E92018226}C:\program files (x86)\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\progdvb\progdvbnet.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DCA66383-D4C4-4C92-B501-14D2CDF306EC}" = Livedrive
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
"{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
"{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
"{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree
"{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E60B35E0-824B-4DB7-B494-8ECB118C5AC6}" = calibre
"{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
"{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Absolute Video to Audio Converter_is1" = Absolute Video to Audio Converter 3.1.8
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllDup_is1" = AllDup 3.4.18
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudibleDownloadManager" = Audible Download Manager
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneDVD2" = CloneDVD2
"delta" = Delta toolbar  
"Designer 2.0_is1" = Designer 2.0
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.19.1015
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/21/2012 4:02:34 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076
 
Error - 12/21/2012 4:02:35 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/21/2012 4:02:35 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2121
 
Error - 12/21/2012 4:02:35 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2121
 
Error - 12/21/2012 4:43:10 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/21/2012 4:43:10 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1466
 
Error - 12/21/2012 4:43:10 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1466
 
Error - 12/21/2012 4:43:11 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/21/2012 4:43:11 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2792
 
Error - 12/21/2012 4:43:11 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2792
 
[ Media Center Events ]
Error - 2/22/2012 5:36:56 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 10:36:48 - Fehler beim Herstellen der Internetverbindung.  10:36:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 6:51:20 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 11:51:20 - Fehler beim Herstellen der Internetverbindung.  11:51:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 6:51:27 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 11:51:25 - Fehler beim Herstellen der Internetverbindung.  11:51:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 7:51:33 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 12:51:33 - Fehler beim Herstellen der Internetverbindung.  12:51:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 7:51:41 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 12:51:38 - Fehler beim Herstellen der Internetverbindung.  12:51:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 1:50:04 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 18:50:04 - Fehler beim Herstellen der Internetverbindung.  18:50:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 1:50:17 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 18:50:10 - Fehler beim Herstellen der Internetverbindung.  18:50:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 2:50:22 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 19:50:22 - Fehler beim Herstellen der Internetverbindung.  19:50:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 2:50:33 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 19:50:27 - Fehler beim Herstellen der Internetverbindung.  19:50:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/18/2012 3:33:28 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 08:33:26 - Fehler beim Herstellen der Internetverbindung.  08:33:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 2/23/2013 6:24:14 AM | Computer Name = daskleinvieh | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 2/23/2013 6:24:21 AM | Computer Name = daskleinvieh | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 2/23/2013 7:08:26 AM | Computer Name = daskleinvieh | Source = DCOM | ID = 10010
Description = 
 
Error - 2/23/2013 7:19:08 AM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 2/23/2013 7:19:08 AM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 2/24/2013 7:06:46 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 2/24/2013 7:06:50 PM | Computer Name = daskleinvieh | Source = DCOM | ID = 10010
Description = 
 
Error - 2/24/2013 7:18:02 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 2/24/2013 7:19:14 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 2/24/2013 7:19:18 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
--- --- ---
__________________

Alt 25.02.2013, 13:43   #4
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 2/25/2013 1:52:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\das kleinvieh\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.61 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 70.74% Memory free
15.21 Gb Paging File | 12.35 Gb Available in Paging File | 81.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299.02 Gb Total Space | 74.67 Gb Free Space | 24.97% Space Free | Partition Type: NTFS
Drive D: | 296.76 Gb Total Space | 211.19 Gb Free Space | 71.17% Space Free | Partition Type: NTFS
 
Computer Name: DASKLEINVIEH | User Name: das kleinvieh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07890EB7-8660-486C-ADC9-CF4CF06A74C5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09BB63B7-8484-4CD4-9483-43C67E8A869F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A58FD01-F201-4ED6-BC94-41FB339DDD6E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F6606AC-24DB-42CC-B520-247E04E93DEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{125E52AE-9549-45C7-8921-E6BC7790DD27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16B5AD9C-384D-4622-81D7-EDC31D68DCC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D9E6A33-588A-49A2-9CE0-C0F732A45744}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{2C9ED414-0771-4F2D-B1B9-1316C58F5234}" = lport=138 | protocol=17 | dir=in | app=system | 
"{39BC3C72-A071-4ACC-9DA6-8564D55082CC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B788083-A9AE-4BA2-95C9-AA793B3E8288}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4288D53F-C651-41E1-A793-BE9BD1E1E0B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C7512F1-7205-4034-B453-F7D3888BDE43}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{5EC05CE0-7092-404E-BEC0-17B8CC3AF69F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6CA9F014-E5F9-429D-917B-AB0426991A0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7591C57E-D6C7-4C1E-89D7-D45DF91EC78F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{77F66C16-04B4-4D14-8962-98A7AC9BFF83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80B73AE0-E934-4D3A-B826-15499A1EE320}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8AB85FB8-A8CB-4B64-9423-BE0E7751E50F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A87A2C56-0F32-4FB3-AA72-75C7C9FCFFC4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B631F91B-FA7D-420B-98EC-3B5097BAAA6C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C68C5C16-0D8D-4C9E-8EED-61603F379B07}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCB6C3C7-0820-4006-A6B5-B23D48FAE3BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFC27FDA-4832-414A-AF66-F645BB98B5D6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E5FB0B64-15D2-46E9-A014-E32B562F3602}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ED864E1D-F2E7-4EA2-AD51-77D4C3964EA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F299FC13-CAD5-4188-BE07-175D0058DABC}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038F11F7-8BAE-4C79-81C1-C88B0D31BD38}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0981AA37-D5C2-49FE-B88C-B03241DD2CC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D193B89-9FFC-4B77-B023-FE0DF848328A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D1F8561-CA3B-4F9C-9EAC-E7FDBC199413}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20DC7EDD-E485-4CB4-B01E-931B35A64780}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24AA54F2-4775-47B4-BA13-BFAC8732BB7B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{367BA6BF-2762-4867-82CE-480DDFDCFDA1}" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37A91973-564D-40D7-9DE9-5A344B8F4710}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A8D55CA-F192-4AB2-B0B9-D9C4CE6264F6}" = dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | 
"{3AC6B63F-700E-4C6F-9EF7-8B7DF142B8FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3FC4DED0-76D6-4F01-9335-5E5A18AFF636}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{60E8DF25-584D-4FC4-AE0A-0D828B3820C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{639AE670-8E7E-465F-94BB-69E0EFFC728C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C67DBC2-C9D2-4AC0-B6C7-307025DE71B5}" = dir=in | app=c:\program files (x86)\common files\pctv systems\pvr\videocontrol.exe | 
"{721803A3-BD33-467C-BB39-D11E6905FCE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{72FDCCD2-A4CD-4741-B3D6-F9DE1FB5BA25}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7F8CB670-359C-42A8-8704-E695857D9DF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{855D6FF3-9250-414E-8FCE-1723158F8377}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A441EF6B-4CD3-4D7A-AEC1-9BEB108693A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A559240C-7A27-45EB-9E9E-435F183B2BF9}" = protocol=6 | dir=out | app=system | 
"{A5F81F62-0CCC-44E2-914C-17DA71A3DBC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ACB304E7-BE64-4152-A9DD-D620A9FDCB7D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{AECA852D-285B-4780-B8BC-D6C8F57F941E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B0CA2DF1-718F-4D9C-83D5-A216642ED24D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCF4D519-E58C-46DB-A820-FD9EC66113DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BF2CF403-41AC-45E0-97BA-3BA01939CA63}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C04123F5-4C3E-40ED-AE4C-FDF51FADB8C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0531599-DC81-407E-AB56-76BD40156E06}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2C69C3A-5A1D-4231-9A79-7860D3F205F5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CA73F23C-9DEC-4292-9BF3-20F2FAD15B47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0FDF293-0ABF-4357-81A4-0CE57B1B50A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D37BFD5D-57DB-43E7-AFAF-382A90D130A5}" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D7A50C08-B963-483D-B26B-BD421F93F6ED}" = dir=in | app=c:\program files (x86)\pctv systems\tvcenter\tvcenter.exe | 
"{D91F9AAD-09B0-43DA-9496-3F4845478D57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD0A5600-BC5F-4CB9-9550-049DF1870266}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEED4239-CD04-4123-9BDB-08F9F2242747}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E52E69F3-9AFA-4777-8FB6-31345EEC5EEC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E7385B36-F140-4FDC-9C76-22259D276AB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EA14E844-5F61-4442-977B-EB855C9871C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{12BF948D-8B40-4BB0-8817-3BED3AD3DB98}C:\program files (x86)\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\progdvb\progdvbnet.exe | 
"TCP Query User{2748A7F3-6D14-4E5D-A7E7-61AB1D17F45E}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"TCP Query User{2B038957-E05F-4D0A-A679-DF38C68373B0}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{4324D5BD-F316-49E9-942A-0C157771DEB2}C:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{834CBDC6-3438-40F3-A484-33E8A72EA8EA}C:\users\das kleinvieh\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\local\temp\gw2.exe | 
"TCP Query User{B48F197C-94C3-4339-BF4E-8BE532E9DE6B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{D4525631-52A6-46A8-BA8D-73D7A48F380F}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=6 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"UDP Query User{0E45DE16-1CB1-48E4-AE62-68AE0D5B1789}C:\users\das kleinvieh\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\local\temp\gw2.exe | 
"UDP Query User{25154E03-0F10-4E4A-ACAA-0130A750026D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{3D0CEB78-4034-48D6-B326-B52BD1FEF06B}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"UDP Query User{624D3F9F-C656-4EAC-9C7A-1B4A7E907C08}C:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6725E3F8-DEE5-4623-9913-D7401E92DD3F}C:\users\das kleinvieh\appdata\roaming\boem\meybi.exe" = protocol=17 | dir=in | app=c:\users\das kleinvieh\appdata\roaming\boem\meybi.exe | 
"UDP Query User{ECC29018-F373-40FE-B6B6-0E620A4E4BFC}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{FB96FA7A-83B9-4D98-84A4-DA1E92018226}C:\program files (x86)\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\progdvb\progdvbnet.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DCA66383-D4C4-4C92-B501-14D2CDF306EC}" = Livedrive
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
"{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
"{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
"{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree
"{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E60B35E0-824B-4DB7-B494-8ECB118C5AC6}" = calibre
"{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
"{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Absolute Video to Audio Converter_is1" = Absolute Video to Audio Converter 3.1.8
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllDup_is1" = AllDup 3.4.18
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudibleDownloadManager" = Audible Download Manager
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneDVD2" = CloneDVD2
"delta" = Delta toolbar  
"Designer 2.0_is1" = Designer 2.0
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.19.1015
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/21/2012 4:02:34 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076
 
Error - 12/21/2012 4:02:35 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/21/2012 4:02:35 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2121
 
Error - 12/21/2012 4:02:35 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2121
 
Error - 12/21/2012 4:43:10 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/21/2012 4:43:10 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1466
 
Error - 12/21/2012 4:43:10 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1466
 
Error - 12/21/2012 4:43:11 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/21/2012 4:43:11 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2792
 
Error - 12/21/2012 4:43:11 PM | Computer Name = daskleinvieh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2792
 
[ Media Center Events ]
Error - 2/22/2012 5:36:56 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 10:36:48 - Fehler beim Herstellen der Internetverbindung.  10:36:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 6:51:20 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 11:51:20 - Fehler beim Herstellen der Internetverbindung.  11:51:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 6:51:27 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 11:51:25 - Fehler beim Herstellen der Internetverbindung.  11:51:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 7:51:33 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 12:51:33 - Fehler beim Herstellen der Internetverbindung.  12:51:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/22/2012 7:51:41 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 12:51:38 - Fehler beim Herstellen der Internetverbindung.  12:51:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 1:50:04 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 18:50:04 - Fehler beim Herstellen der Internetverbindung.  18:50:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 1:50:17 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 18:50:10 - Fehler beim Herstellen der Internetverbindung.  18:50:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 2:50:22 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 19:50:22 - Fehler beim Herstellen der Internetverbindung.  19:50:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/13/2012 2:50:33 PM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 19:50:27 - Fehler beim Herstellen der Internetverbindung.  19:50:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/18/2012 3:33:28 AM | Computer Name = daskleinvieh | Source = MCUpdate | ID = 0
Description = 08:33:26 - Fehler beim Herstellen der Internetverbindung.  08:33:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 2/23/2013 6:24:14 AM | Computer Name = daskleinvieh | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 2/23/2013 6:24:21 AM | Computer Name = daskleinvieh | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 2/23/2013 7:08:26 AM | Computer Name = daskleinvieh | Source = DCOM | ID = 10010
Description = 
 
Error - 2/23/2013 7:19:08 AM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 2/23/2013 7:19:08 AM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 2/24/2013 7:06:46 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 2/24/2013 7:06:50 PM | Computer Name = daskleinvieh | Source = DCOM | ID = 10010
Description = 
 
Error - 2/24/2013 7:18:02 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 2/24/2013 7:19:14 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 2/24/2013 7:19:18 PM | Computer Name = daskleinvieh | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
--- --- ---

Alt 25.02.2013, 15:07   #5
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Hi,
otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Udbaotbo] "C:\Users\das kleinvieh\AppData\Roaming\Boem\meybi.exe" File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.02.2013, 15:37   #6
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Udbaotbo deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: das kleinvieh
->Temp folder emptied: 1509735462 bytes
->Temporary Internet Files folder emptied: 992702357 bytes
->Java cache emptied: 230869 bytes
->FireFox cache emptied: 71140917 bytes
->Google Chrome cache emptied: 375287214 bytes
->Apple Safari cache emptied: 190464 bytes
->Flash cache emptied: 3676 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 396477458 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53187 bytes
RecycleBin emptied: 3319135620 bytes

Total Files Cleaned = 6,356.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02252013_162226

Files\Folders moved on Reboot...
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TSQWU1GG\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=3;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[1].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TSQWU1GG\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=3;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[2].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QW4B2TTC\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=3;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[1].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QW4B2TTC\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=8;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[1].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\IAUAWPIN\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=3;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[1].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\IAUAWPIN\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=8;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[1].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\71DJ41E6\=1;a8=1;b6=2;f3=4;j2=0;i0=1;k1=1;n1=3;n2=3;n3=3;n4=3;n5=3;n6=0;n7=3;n8=3;n9=0;a0=3;z1=1;z2=1;j8=3;j9=2;x3=1;x8=1;k5=1;x2=1; x5=1;k8=1;x1=1;k9=1;k10=1;k4=1;k11=0;l5=1;[1].js not found!
File\Folder C:\Users\das kleinvieh\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\71DJ41E6\n;lay=no_panoramaad;wlcuid=12508;wlcuid=12509;wlcuid=12510;wlcuid=12511;wlcuid=12512;wlcuid=12513;wlcuid=12514;wlcuid=12515 ;wlcuid=12516;ss=1;kw=none;tagid=ad055928;[1].js not found!
C:\Users\das kleinvieh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 25.02.2013, 18:02   #7
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2013, 10:28   #8
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



11:25:22.0782 5292 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:25:23.0515 5292 ============================================================
11:25:23.0515 5292 Current date / time: 2013/02/26 11:25:23.0515
11:25:23.0515 5292 SystemInfo:
11:25:23.0515 5292
11:25:23.0515 5292 OS Version: 6.1.7601 ServicePack: 1.0
11:25:23.0515 5292 Product type: Workstation
11:25:23.0515 5292 ComputerName: DASKLEINVIEH
11:25:23.0515 5292 UserName: das kleinvieh
11:25:23.0515 5292 Windows directory: C:\Windows
11:25:23.0515 5292 System windows directory: C:\Windows
11:25:23.0515 5292 Running under WOW64
11:25:23.0515 5292 Processor architecture: Intel x64
11:25:23.0515 5292 Number of processors: 2
11:25:23.0515 5292 Page size: 0x1000
11:25:23.0515 5292 Boot type: Normal boot
11:25:23.0515 5292 ============================================================
11:25:24.0982 5292 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:25:24.0982 5292 ============================================================
11:25:24.0982 5292 \Device\Harddisk0\DR0:
11:25:24.0982 5292 MBR partitions:
11:25:24.0982 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2560A800
11:25:24.0982 5292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x256D3000, BlocksNum 0x251852B0
11:25:24.0982 5292 ============================================================
11:25:25.0013 5292 C: <-> \Device\Harddisk0\DR0\Partition1
11:25:25.0060 5292 D: <-> \Device\Harddisk0\DR0\Partition2
11:25:25.0060 5292 ============================================================
11:25:25.0060 5292 Initialize success
11:25:25.0060 5292 ============================================================
11:25:31.0222 6804 ============================================================
11:25:31.0222 6804 Scan started
11:25:31.0222 6804 Mode: Manual; SigCheck; TDLFS;
11:25:31.0222 6804 ============================================================
11:25:32.0470 6804 ================ Scan system memory ========================
11:25:32.0470 6804 System memory - ok
11:25:32.0470 6804 ================ Scan services =============================
11:25:32.0907 6804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:25:33.0047 6804 1394ohci - ok
11:25:33.0078 6804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:25:33.0125 6804 ACPI - ok
11:25:33.0172 6804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:25:33.0203 6804 AcpiPmi - ok
11:25:33.0297 6804 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:25:33.0328 6804 AdobeARMservice - ok
11:25:33.0468 6804 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:25:33.0499 6804 AdobeFlashPlayerUpdateSvc - ok
11:25:33.0546 6804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:25:33.0593 6804 adp94xx - ok
11:25:33.0655 6804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:25:33.0702 6804 adpahci - ok
11:25:33.0702 6804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:25:33.0749 6804 adpu320 - ok
11:25:33.0780 6804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:25:33.0858 6804 AeLookupSvc - ok
11:25:33.0936 6804 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:25:33.0983 6804 AFD - ok
11:25:34.0030 6804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:25:34.0061 6804 agp440 - ok
11:25:34.0108 6804 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:25:34.0155 6804 ALG - ok
11:25:34.0170 6804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:25:34.0201 6804 aliide - ok
11:25:34.0248 6804 [ 2F2E91FD092811353C3BC968BEC274D8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:25:34.0295 6804 AMD External Events Utility - ok
11:25:34.0311 6804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:25:34.0342 6804 amdide - ok
11:25:34.0373 6804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:25:34.0404 6804 AmdK8 - ok
11:25:34.0654 6804 [ 194D76D2083318A2E7071A988E02ECF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:25:34.0888 6804 amdkmdag - ok
11:25:34.0919 6804 [ 1EEFFCE9A3A65A56A28793EAA3F57026 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:25:34.0997 6804 amdkmdap - ok
11:25:35.0044 6804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:25:35.0091 6804 AmdPPM - ok
11:25:35.0153 6804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:25:35.0169 6804 amdsata - ok
11:25:35.0200 6804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:25:35.0231 6804 amdsbs - ok
11:25:35.0247 6804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:25:35.0278 6804 amdxata - ok
11:25:35.0340 6804 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:25:35.0371 6804 AntiVirSchedulerService - ok
11:25:35.0449 6804 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:25:35.0481 6804 AntiVirService - ok
11:25:35.0512 6804 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:25:35.0559 6804 AntiVirWebService - ok
11:25:35.0621 6804 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:25:35.0699 6804 AppID - ok
11:25:35.0730 6804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:25:35.0808 6804 AppIDSvc - ok
11:25:35.0808 6804 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:25:35.0902 6804 Appinfo - ok
11:25:36.0027 6804 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:25:36.0058 6804 Apple Mobile Device - ok
11:25:36.0105 6804 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
11:25:36.0136 6804 arc - ok
11:25:36.0151 6804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:25:36.0183 6804 arcsas - ok
11:25:36.0292 6804 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:25:36.0323 6804 aspnet_state - ok
11:25:36.0354 6804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:25:36.0417 6804 AsyncMac - ok
11:25:36.0432 6804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:25:36.0463 6804 atapi - ok
11:25:36.0541 6804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:25:36.0635 6804 AudioEndpointBuilder - ok
11:25:36.0651 6804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:25:36.0744 6804 AudioSrv - ok
11:25:36.0775 6804 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
11:25:36.0822 6804 avgntflt - ok
11:25:36.0900 6804 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
11:25:36.0931 6804 avipbb - ok
11:25:36.0947 6804 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
11:25:36.0978 6804 avkmgr - ok
11:25:37.0025 6804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:25:37.0072 6804 AxInstSV - ok
11:25:37.0134 6804 [ 9F4320BA8E7CE2342517B182A2F2C0E6 ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys
11:25:37.0150 6804 azvusb - ok
11:25:37.0212 6804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:25:37.0259 6804 b06bdrv - ok
11:25:37.0306 6804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:25:37.0337 6804 b57nd60a - ok
11:25:37.0384 6804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:25:37.0415 6804 BDESVC - ok
11:25:37.0462 6804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:25:37.0555 6804 Beep - ok
11:25:37.0618 6804 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:25:37.0711 6804 BFE - ok
11:25:37.0758 6804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
11:25:37.0852 6804 BITS - ok
11:25:37.0977 6804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
11:25:38.0008 6804 blbdrive - ok
11:25:38.0179 6804 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:25:38.0211 6804 Bonjour Service - ok
11:25:38.0273 6804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:25:38.0304 6804 bowser - ok
11:25:38.0335 6804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:25:38.0382 6804 BrFiltLo - ok
11:25:38.0398 6804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:25:38.0429 6804 BrFiltUp - ok
11:25:38.0460 6804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:25:38.0491 6804 Browser - ok
11:25:38.0647 6804 [ FA127AC8BDF668903543D29C96B31632 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
11:25:38.0741 6804 BrowserProtect - ok
11:25:38.0772 6804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:25:38.0819 6804 Brserid - ok
11:25:38.0819 6804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:25:38.0866 6804 BrSerWdm - ok
11:25:38.0881 6804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:25:38.0928 6804 BrUsbMdm - ok
11:25:38.0944 6804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:25:38.0975 6804 BrUsbSer - ok
11:25:38.0975 6804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:25:39.0022 6804 BTHMODEM - ok
11:25:39.0069 6804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:25:39.0162 6804 bthserv - ok
11:25:39.0193 6804 [ D8466DF7629A7ACD2BED0CDE206E5DF9 ] CbFs C:\Windows\system32\drivers\cbfs.sys
11:25:39.0240 6804 CbFs - ok
11:25:39.0287 6804 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:25:39.0365 6804 cdfs - ok
11:25:39.0396 6804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:25:39.0427 6804 cdrom - ok
11:25:39.0490 6804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:25:39.0583 6804 CertPropSvc - ok
11:25:39.0708 6804 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:25:39.0739 6804 cfWiMAXService - ok
11:25:39.0786 6804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:25:39.0849 6804 circlass - ok
11:25:39.0880 6804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:25:39.0927 6804 CLFS - ok
11:25:39.0973 6804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:25:40.0005 6804 clr_optimization_v2.0.50727_32 - ok
11:25:40.0051 6804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:25:40.0083 6804 clr_optimization_v2.0.50727_64 - ok
11:25:40.0145 6804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:25:40.0176 6804 clr_optimization_v4.0.30319_32 - ok
11:25:40.0192 6804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:25:40.0223 6804 clr_optimization_v4.0.30319_64 - ok
11:25:40.0285 6804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
11:25:40.0317 6804 CmBatt - ok
11:25:40.0332 6804 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:25:40.0363 6804 cmdide - ok
11:25:40.0410 6804 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:25:40.0457 6804 CNG - ok
11:25:40.0473 6804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:25:40.0504 6804 Compbatt - ok
11:25:40.0519 6804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:25:40.0566 6804 CompositeBus - ok
11:25:40.0582 6804 COMSysApp - ok
11:25:40.0613 6804 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:25:40.0644 6804 ConfigFree Service - ok
11:25:40.0660 6804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:25:40.0691 6804 crcdisk - ok
11:25:40.0753 6804 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:25:40.0785 6804 CryptSvc - ok
11:25:40.0909 6804 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:25:40.0956 6804 cvhsvc - ok
11:25:41.0019 6804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:25:41.0112 6804 DcomLaunch - ok
11:25:41.0175 6804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:25:41.0253 6804 defragsvc - ok
11:25:41.0268 6804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:25:41.0346 6804 DfsC - ok
11:25:41.0393 6804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:25:41.0440 6804 Dhcp - ok
11:25:41.0455 6804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:25:41.0518 6804 discache - ok
11:25:41.0580 6804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:25:41.0611 6804 Disk - ok
11:25:41.0658 6804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:25:41.0689 6804 Dnscache - ok
11:25:41.0721 6804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:25:41.0799 6804 dot3svc - ok
11:25:41.0814 6804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:25:41.0892 6804 DPS - ok
11:25:41.0939 6804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:25:41.0970 6804 drmkaud - ok
11:25:42.0017 6804 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:25:42.0064 6804 DXGKrnl - ok
11:25:42.0111 6804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:25:42.0204 6804 EapHost - ok
11:25:42.0298 6804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:25:42.0391 6804 ebdrv - ok
11:25:42.0423 6804 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:25:42.0469 6804 EFS - ok
11:25:42.0547 6804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:25:42.0594 6804 ehRecvr - ok
11:25:42.0625 6804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:25:42.0657 6804 ehSched - ok
11:25:42.0735 6804 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
11:25:42.0750 6804 ElbyCDIO - ok
11:25:42.0813 6804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:25:42.0859 6804 elxstor - ok
11:25:42.0875 6804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:25:42.0906 6804 ErrDev - ok
11:25:42.0969 6804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:25:43.0062 6804 EventSystem - ok
11:25:43.0078 6804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:25:43.0156 6804 exfat - ok
11:25:43.0187 6804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:25:43.0265 6804 fastfat - ok
11:25:43.0312 6804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:25:43.0359 6804 Fax - ok
11:25:43.0374 6804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:25:43.0421 6804 fdc - ok
11:25:43.0452 6804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:25:43.0530 6804 fdPHost - ok
11:25:43.0546 6804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:25:43.0624 6804 FDResPub - ok
11:25:43.0639 6804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:25:43.0671 6804 FileInfo - ok
11:25:43.0686 6804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:25:43.0764 6804 Filetrace - ok
11:25:43.0780 6804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:25:43.0811 6804 flpydisk - ok
11:25:43.0842 6804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:25:43.0889 6804 FltMgr - ok
11:25:43.0936 6804 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:25:43.0998 6804 FontCache - ok
11:25:44.0045 6804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:25:44.0076 6804 FontCache3.0.0.0 - ok
11:25:44.0107 6804 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:25:44.0139 6804 FsDepends - ok
11:25:44.0185 6804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:25:44.0217 6804 Fs_Rec - ok
11:25:44.0248 6804 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:25:44.0295 6804 fvevol - ok
11:25:44.0326 6804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:25:44.0357 6804 gagp30kx - ok
11:25:44.0451 6804 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:25:44.0482 6804 GEARAspiWDM - ok
11:25:44.0544 6804 [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe
11:25:44.0591 6804 GFNEXSrv - ok
11:25:44.0638 6804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:25:44.0716 6804 gpsvc - ok
11:25:44.0809 6804 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:25:44.0841 6804 gupdate - ok
11:25:44.0887 6804 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:25:44.0919 6804 gupdatem - ok
11:25:44.0965 6804 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:25:44.0997 6804 gusvc - ok
11:25:45.0043 6804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:25:45.0075 6804 hcw85cir - ok
11:25:45.0106 6804 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:25:45.0168 6804 HdAudAddService - ok
11:25:45.0199 6804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:25:45.0246 6804 HDAudBus - ok
11:25:45.0262 6804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:25:45.0293 6804 HidBatt - ok
11:25:45.0324 6804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:25:45.0355 6804 HidBth - ok
11:25:45.0371 6804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:25:45.0402 6804 HidIr - ok
11:25:45.0433 6804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:25:45.0527 6804 hidserv - ok
11:25:45.0543 6804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:25:45.0574 6804 HidUsb - ok
11:25:45.0605 6804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:25:45.0683 6804 hkmsvc - ok
11:25:45.0699 6804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:25:45.0730 6804 HomeGroupListener - ok
11:25:45.0761 6804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:25:45.0808 6804 HomeGroupProvider - ok
11:25:45.0839 6804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:25:45.0870 6804 HpSAMD - ok
11:25:45.0917 6804 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:25:45.0979 6804 HTCAND64 - ok
11:25:46.0057 6804 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
11:25:46.0089 6804 htcnprot - ok
11:25:46.0135 6804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:25:46.0260 6804 HTTP - ok
11:25:46.0276 6804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:25:46.0307 6804 hwpolicy - ok
11:25:46.0338 6804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:25:46.0369 6804 i8042prt - ok
11:25:46.0416 6804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:25:46.0447 6804 iaStorV - ok
11:25:46.0525 6804 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:25:46.0525 6804 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:25:46.0525 6804 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:25:46.0588 6804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:25:46.0650 6804 idsvc - ok
11:25:46.0681 6804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:25:46.0713 6804 iirsp - ok
11:25:46.0775 6804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:25:46.0869 6804 IKEEXT - ok
11:25:46.0978 6804 [ 16C324E22208E6E8336C3F2DA14CFE2D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:25:47.0103 6804 IntcAzAudAddService - ok
11:25:47.0134 6804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:25:47.0165 6804 intelide - ok
11:25:47.0181 6804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
11:25:47.0227 6804 intelppm - ok
11:25:47.0243 6804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:25:47.0321 6804 IPBusEnum - ok
11:25:47.0337 6804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:25:47.0415 6804 IpFilterDriver - ok
11:25:47.0477 6804 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:25:47.0508 6804 iphlpsvc - ok
11:25:47.0539 6804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:25:47.0586 6804 IPMIDRV - ok
11:25:47.0586 6804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:25:47.0664 6804 IPNAT - ok
11:25:47.0727 6804 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:25:47.0773 6804 iPod Service - ok
11:25:47.0820 6804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:25:47.0867 6804 IRENUM - ok
11:25:47.0883 6804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:25:47.0914 6804 isapnp - ok
11:25:47.0929 6804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:25:47.0961 6804 iScsiPrt - ok
11:25:47.0976 6804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
11:25:48.0007 6804 kbdclass - ok
11:25:48.0039 6804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:25:48.0070 6804 kbdhid - ok
11:25:48.0101 6804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:25:48.0132 6804 KeyIso - ok
11:25:48.0179 6804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:25:48.0210 6804 KSecDD - ok
11:25:48.0397 6804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:25:48.0444 6804 KSecPkg - ok
11:25:48.0475 6804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:25:48.0553 6804 ksthunk - ok
11:25:48.0600 6804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:25:48.0678 6804 KtmRm - ok
11:25:48.0741 6804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:25:48.0819 6804 LanmanServer - ok
11:25:48.0850 6804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:25:48.0928 6804 LanmanWorkstation - ok
11:25:49.0006 6804 [ 4896C19C8D084E6C48F62BA13D516EF4 ] LivedriveVSSService C:\Program Files (x86)\Livedrive\VSSService.exe
11:25:49.0037 6804 LivedriveVSSService - ok
11:25:49.0099 6804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:25:49.0177 6804 lltdio - ok
11:25:49.0209 6804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:25:49.0287 6804 lltdsvc - ok
11:25:49.0318 6804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:25:49.0396 6804 lmhosts - ok
11:25:49.0427 6804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:25:49.0474 6804 LSI_FC - ok
11:25:49.0489 6804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:25:49.0521 6804 LSI_SAS - ok
11:25:49.0536 6804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:25:49.0567 6804 LSI_SAS2 - ok
11:25:49.0583 6804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:25:49.0614 6804 LSI_SCSI - ok
11:25:49.0645 6804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:25:49.0723 6804 luafv - ok
11:25:49.0770 6804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:25:49.0801 6804 Mcx2Svc - ok
11:25:49.0817 6804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:25:49.0848 6804 megasas - ok
11:25:49.0879 6804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:25:49.0926 6804 MegaSR - ok
11:25:49.0957 6804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:25:50.0035 6804 MMCSS - ok
11:25:50.0113 6804 [ 74C85BBD2489949F5B325FDD886E662F ] mod7700 C:\Windows\system32\DRIVERS\mod7700.sys
11:25:50.0176 6804 mod7700 - ok
11:25:50.0223 6804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:25:50.0316 6804 Modem - ok
11:25:50.0347 6804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:25:50.0394 6804 monitor - ok
11:25:50.0410 6804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:25:50.0441 6804 mouclass - ok
11:25:50.0457 6804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:25:50.0488 6804 mouhid - ok
11:25:50.0503 6804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:25:50.0535 6804 mountmgr - ok
11:25:50.0628 6804 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:25:50.0659 6804 MozillaMaintenance - ok
11:25:50.0691 6804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:25:50.0722 6804 mpio - ok
11:25:50.0753 6804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:25:50.0831 6804 mpsdrv - ok
11:25:50.0878 6804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:25:50.0971 6804 MpsSvc - ok
11:25:50.0987 6804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:25:51.0034 6804 MRxDAV - ok
11:25:51.0049 6804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:25:51.0081 6804 mrxsmb - ok
11:25:51.0112 6804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:25:51.0159 6804 mrxsmb10 - ok
11:25:51.0174 6804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:25:51.0205 6804 mrxsmb20 - ok
11:25:51.0221 6804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
11:25:51.0252 6804 msahci - ok
11:25:51.0283 6804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:25:51.0315 6804 msdsm - ok
11:25:51.0330 6804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:25:51.0361 6804 MSDTC - ok
11:25:51.0408 6804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:25:51.0486 6804 Msfs - ok
11:25:51.0502 6804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:25:51.0595 6804 mshidkmdf - ok
11:25:51.0595 6804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:25:51.0627 6804 msisadrv - ok
11:25:51.0673 6804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:25:51.0751 6804 MSiSCSI - ok
11:25:51.0767 6804 msiserver - ok
11:25:51.0829 6804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:25:51.0907 6804 MSKSSRV - ok
11:25:51.0923 6804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:25:51.0985 6804 MSPCLOCK - ok
11:25:52.0001 6804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:25:52.0079 6804 MSPQM - ok
11:25:52.0110 6804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:25:52.0141 6804 MsRPC - ok
11:25:52.0173 6804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:25:52.0204 6804 mssmbios - ok
11:25:52.0235 6804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:25:52.0329 6804 MSTEE - ok
11:25:52.0329 6804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:25:52.0375 6804 MTConfig - ok
11:25:52.0375 6804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:25:52.0407 6804 Mup - ok
11:25:52.0453 6804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:25:52.0547 6804 napagent - ok
11:25:52.0594 6804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:25:52.0656 6804 NativeWifiP - ok
11:25:52.0719 6804 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe
11:25:52.0750 6804 NAUpdate - ok
11:25:52.0828 6804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:25:52.0890 6804 NDIS - ok
11:25:52.0937 6804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:25:53.0015 6804 NdisCap - ok
11:25:53.0046 6804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:25:53.0124 6804 NdisTapi - ok
11:25:53.0140 6804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:25:53.0218 6804 Ndisuio - ok
11:25:53.0233 6804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:25:53.0296 6804 NdisWan - ok
11:25:53.0311 6804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:25:53.0405 6804 NDProxy - ok
11:25:53.0436 6804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:25:53.0514 6804 NetBIOS - ok
11:25:53.0545 6804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:25:53.0623 6804 NetBT - ok
11:25:53.0639 6804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:25:53.0670 6804 Netlogon - ok
11:25:53.0733 6804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:25:53.0826 6804 Netman - ok
11:25:53.0873 6804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:53.0904 6804 NetMsmqActivator - ok
11:25:53.0920 6804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:53.0951 6804 NetPipeActivator - ok
11:25:53.0967 6804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:25:54.0060 6804 netprofm - ok
11:25:54.0076 6804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:54.0091 6804 NetTcpActivator - ok
11:25:54.0107 6804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:54.0138 6804 NetTcpPortSharing - ok
11:25:54.0185 6804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:25:54.0201 6804 nfrd960 - ok
11:25:54.0279 6804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:25:54.0310 6804 NlaSvc - ok
11:25:54.0341 6804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:25:54.0419 6804 Npfs - ok
11:25:54.0450 6804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:25:54.0528 6804 nsi - ok
11:25:54.0544 6804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:25:54.0622 6804 nsiproxy - ok
11:25:54.0684 6804 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:25:54.0762 6804 Ntfs - ok
11:25:54.0778 6804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:25:54.0856 6804 Null - ok
11:25:54.0887 6804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:25:54.0918 6804 nvraid - ok
11:25:54.0934 6804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:25:54.0965 6804 nvstor - ok
11:25:54.0981 6804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:25:55.0012 6804 nv_agp - ok
11:25:55.0027 6804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:25:55.0059 6804 ohci1394 - ok
11:25:55.0121 6804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:25:55.0152 6804 ose - ok
11:25:55.0308 6804 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:25:55.0495 6804 osppsvc - ok
11:25:55.0558 6804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:25:55.0589 6804 p2pimsvc - ok
11:25:55.0620 6804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:25:55.0667 6804 p2psvc - ok
11:25:55.0698 6804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:25:55.0729 6804 Parport - ok
11:25:55.0761 6804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:25:55.0807 6804 partmgr - ok
11:25:55.0901 6804 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
11:25:55.0917 6804 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
11:25:55.0917 6804 PassThru Service - detected UnsignedFile.Multi.Generic (1)
11:25:55.0948 6804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:25:55.0995 6804 PcaSvc - ok
11:25:56.0010 6804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:25:56.0041 6804 pci - ok
11:25:56.0057 6804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
11:25:56.0088 6804 pciide - ok
11:25:56.0119 6804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:25:56.0151 6804 pcmcia - ok
11:25:56.0182 6804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:25:56.0213 6804 pcw - ok
11:25:56.0229 6804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:25:56.0322 6804 PEAUTH - ok
11:25:56.0400 6804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:25:56.0431 6804 PerfHost - ok
11:25:56.0494 6804 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
11:25:56.0525 6804 PGEffect - ok
11:25:56.0587 6804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:25:56.0697 6804 pla - ok
11:25:56.0743 6804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:25:56.0790 6804 PlugPlay - ok
11:25:56.0821 6804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:25:56.0853 6804 PNRPAutoReg - ok
11:25:56.0868 6804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:25:56.0899 6804 PNRPsvc - ok
11:25:56.0946 6804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:25:57.0024 6804 PolicyAgent - ok
11:25:57.0055 6804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:25:57.0133 6804 Power - ok
11:25:57.0196 6804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:25:57.0274 6804 PptpMiniport - ok
11:25:57.0289 6804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:25:57.0321 6804 Processor - ok
11:25:57.0383 6804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:25:57.0445 6804 ProfSvc - ok
11:25:57.0477 6804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:25:57.0508 6804 ProtectedStorage - ok
11:25:57.0555 6804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:25:57.0633 6804 Psched - ok
11:25:57.0695 6804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:25:57.0757 6804 ql2300 - ok
11:25:57.0789 6804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:25:57.0820 6804 ql40xx - ok
11:25:57.0867 6804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:25:57.0913 6804 QWAVE - ok
11:25:57.0929 6804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:25:57.0960 6804 QWAVEdrv - ok
11:25:57.0976 6804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:25:58.0054 6804 RasAcd - ok
11:25:58.0101 6804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:25:58.0179 6804 RasAgileVpn - ok
11:25:58.0210 6804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:25:58.0288 6804 RasAuto - ok
11:25:58.0303 6804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:25:58.0397 6804 Rasl2tp - ok
11:25:58.0600 6804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:25:58.0678 6804 RasMan - ok
11:25:58.0740 6804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:25:58.0818 6804 RasPppoe - ok
11:25:58.0849 6804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:25:58.0927 6804 RasSstp - ok
11:25:58.0943 6804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:25:59.0021 6804 rdbss - ok
11:25:59.0052 6804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:25:59.0083 6804 rdpbus - ok
11:25:59.0099 6804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:25:59.0177 6804 RDPCDD - ok
11:25:59.0208 6804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:25:59.0286 6804 RDPENCDD - ok
11:25:59.0317 6804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:25:59.0411 6804 RDPREFMP - ok
11:25:59.0458 6804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:25:59.0489 6804 RDPWD - ok
11:25:59.0520 6804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:25:59.0567 6804 rdyboost - ok
11:25:59.0614 6804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:25:59.0692 6804 RemoteAccess - ok
11:25:59.0723 6804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:25:59.0801 6804 RemoteRegistry - ok
11:25:59.0832 6804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:25:59.0910 6804 RpcEptMapper - ok
11:25:59.0941 6804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:25:59.0973 6804 RpcLocator - ok
11:26:00.0004 6804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:26:00.0082 6804 RpcSs - ok
11:26:00.0129 6804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:26:00.0222 6804 rspndr - ok
11:26:00.0300 6804 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
11:26:00.0331 6804 RSUSBSTOR - ok
11:26:00.0378 6804 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:26:00.0409 6804 RTL8167 - ok
11:26:00.0487 6804 [ E7D79600575F755614DD5D79B044D588 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
11:26:00.0534 6804 RTL8192Ce - ok
11:26:00.0581 6804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:26:00.0612 6804 SamSs - ok
11:26:00.0659 6804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:26:00.0690 6804 sbp2port - ok
11:26:00.0737 6804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:26:00.0815 6804 SCardSvr - ok
11:26:00.0831 6804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:26:00.0909 6804 scfilter - ok
11:26:00.0940 6804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:26:01.0049 6804 Schedule - ok
11:26:01.0080 6804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:26:01.0143 6804 SCPolicySvc - ok
11:26:01.0174 6804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:26:01.0221 6804 SDRSVC - ok
11:26:01.0252 6804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:26:01.0330 6804 secdrv - ok
11:26:01.0361 6804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:26:01.0455 6804 seclogon - ok
11:26:01.0455 6804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:26:01.0533 6804 SENS - ok
11:26:01.0564 6804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:26:01.0595 6804 SensrSvc - ok
11:26:01.0626 6804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
11:26:01.0657 6804 Serenum - ok
11:26:01.0673 6804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
11:26:01.0704 6804 Serial - ok
11:26:01.0720 6804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:26:01.0767 6804 sermouse - ok
11:26:01.0798 6804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:26:01.0876 6804 SessionEnv - ok
11:26:01.0891 6804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:26:01.0923 6804 sffdisk - ok
11:26:01.0938 6804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:26:01.0969 6804 sffp_mmc - ok
11:26:01.0985 6804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:26:02.0016 6804 sffp_sd - ok
11:26:02.0032 6804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:26:02.0063 6804 sfloppy - ok
11:26:02.0141 6804 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
11:26:02.0188 6804 Sftfs - ok
11:26:02.0266 6804 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:26:02.0313 6804 sftlist - ok
11:26:02.0344 6804 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:26:02.0375 6804 Sftplay - ok
11:26:02.0406 6804 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:26:02.0437 6804 Sftredir - ok
11:26:02.0469 6804 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
11:26:02.0500 6804 Sftvol - ok
11:26:02.0547 6804 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:26:02.0578 6804 sftvsa - ok
11:26:02.0609 6804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:26:02.0687 6804 SharedAccess - ok
11:26:02.0734 6804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:26:02.0812 6804 ShellHWDetection - ok
11:26:02.0859 6804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:26:02.0890 6804 SiSRaid2 - ok
11:26:02.0921 6804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:26:02.0952 6804 SiSRaid4 - ok
11:26:03.0030 6804 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:26:03.0046 6804 SkypeUpdate - ok
11:26:03.0093 6804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:26:03.0171 6804 Smb - ok
11:26:03.0217 6804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:26:03.0249 6804 SNMPTRAP - ok
11:26:03.0280 6804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:26:03.0311 6804 spldr - ok
11:26:03.0342 6804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:26:03.0389 6804 Spooler - ok
11:26:03.0483 6804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:26:03.0623 6804 sppsvc - ok
11:26:03.0639 6804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:26:03.0732 6804 sppuinotify - ok
11:26:03.0779 6804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:26:03.0826 6804 srv - ok
11:26:03.0841 6804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:26:03.0888 6804 srv2 - ok
11:26:03.0904 6804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:26:03.0935 6804 srvnet - ok
11:26:03.0982 6804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:26:04.0060 6804 SSDPSRV - ok
11:26:04.0075 6804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:26:04.0153 6804 SstpSvc - ok
11:26:04.0169 6804 Steam Client Service - ok
11:26:04.0200 6804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:26:04.0231 6804 stexstor - ok
11:26:04.0294 6804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:26:04.0356 6804 stisvc - ok
11:26:04.0372 6804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:26:04.0387 6804 swenum - ok
11:26:04.0450 6804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:26:04.0543 6804 swprv - ok
11:26:04.0637 6804 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:26:04.0699 6804 SynTP - ok
11:26:04.0762 6804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:26:04.0824 6804 SysMain - ok
11:26:04.0840 6804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:26:04.0887 6804 TabletInputService - ok
11:26:04.0902 6804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:26:04.0980 6804 TapiSrv - ok
11:26:04.0996 6804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:26:05.0074 6804 TBS - ok
11:26:05.0152 6804 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:26:05.0245 6804 Tcpip - ok
11:26:05.0292 6804 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:26:05.0386 6804 TCPIP6 - ok
11:26:05.0433 6804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:26:05.0464 6804 tcpipreg - ok
11:26:05.0526 6804 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
11:26:05.0557 6804 tdcmdpst - ok
11:26:05.0604 6804 TDEIO - ok
11:26:05.0651 6804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:26:05.0682 6804 TDPIPE - ok
11:26:05.0729 6804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:26:05.0745 6804 TDTCP - ok
11:26:05.0791 6804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:26:05.0869 6804 tdx - ok
11:26:05.0963 6804 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
11:26:05.0979 6804 TemproMonitoringService - ok
11:26:06.0010 6804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:26:06.0041 6804 TermDD - ok
11:26:06.0072 6804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:26:06.0166 6804 TermService - ok
11:26:06.0181 6804 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:26:06.0213 6804 Themes - ok
11:26:06.0244 6804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:26:06.0322 6804 THREADORDER - ok
11:26:06.0431 6804 [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:26:06.0447 6804 TMachInfo - ok
11:26:06.0509 6804 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\Windows\system32\TODDSrv.exe
11:26:06.0540 6804 TODDSrv - ok
11:26:06.0634 6804 [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:26:06.0665 6804 TosCoSrv - ok
11:26:06.0727 6804 [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:26:06.0759 6804 TOSHIBA HDD SSD Alert Service - ok
11:26:06.0805 6804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:26:06.0883 6804 TrkWks - ok
11:26:06.0930 6804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:26:07.0008 6804 TrustedInstaller - ok
11:26:07.0039 6804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:07.0102 6804 tssecsrv - ok
11:26:07.0149 6804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:26:07.0180 6804 TsUsbFlt - ok
11:26:07.0195 6804 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:26:07.0227 6804 TsUsbGD - ok
11:26:07.0273 6804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:26:07.0351 6804 tunnel - ok
11:26:07.0398 6804 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
11:26:07.0429 6804 TVALZ - ok
11:26:07.0429 6804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:26:07.0461 6804 uagp35 - ok
11:26:07.0492 6804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:26:07.0601 6804 udfs - ok
11:26:07.0648 6804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:26:07.0679 6804 UI0Detect - ok
11:26:07.0695 6804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:26:07.0726 6804 uliagpkx - ok
11:26:07.0741 6804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:26:07.0788 6804 umbus - ok
11:26:07.0788 6804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:26:07.0819 6804 UmPass - ok
11:26:07.0851 6804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:26:07.0929 6804 upnphost - ok
11:26:07.0975 6804 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:26:08.0007 6804 USBAAPL64 - ok
11:26:08.0022 6804 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:08.0053 6804 usbccgp - ok
11:26:08.0116 6804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:26:08.0147 6804 usbcir - ok
11:26:08.0178 6804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:26:08.0209 6804 usbehci - ok
11:26:08.0241 6804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
11:26:08.0272 6804 usbhub - ok
11:26:08.0287 6804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:26:08.0319 6804 usbohci - ok
11:26:08.0334 6804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
11:26:08.0365 6804 usbprint - ok
11:26:08.0412 6804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:08.0443 6804 USBSTOR - ok
11:26:08.0443 6804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:26:08.0490 6804 usbuhci - ok
11:26:08.0537 6804 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:26:08.0584 6804 usbvideo - ok
11:26:08.0646 6804 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
11:26:08.0677 6804 usb_rndisx - ok
11:26:08.0709 6804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:26:08.0787 6804 UxSms - ok
11:26:08.0880 6804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:26:08.0927 6804 VaultSvc - ok
11:26:09.0036 6804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:26:09.0067 6804 vdrvroot - ok
11:26:09.0145 6804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:26:09.0223 6804 vds - ok
11:26:09.0270 6804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:09.0301 6804 vga - ok
11:26:09.0333 6804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:26:09.0411 6804 VgaSave - ok
11:26:09.0411 6804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:26:09.0457 6804 vhdmp - ok
11:26:09.0457 6804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:26:09.0504 6804 viaide - ok
11:26:09.0504 6804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:26:09.0535 6804 volmgr - ok
11:26:09.0567 6804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:26:09.0598 6804 volmgrx - ok
11:26:09.0629 6804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:26:09.0660 6804 volsnap - ok
11:26:09.0723 6804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:26:09.0754 6804 vsmraid - ok
11:26:09.0832 6804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:26:09.0941 6804 VSS - ok
11:26:09.0957 6804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:26:09.0988 6804 vwifibus - ok
11:26:10.0019 6804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:26:10.0050 6804 vwififlt - ok
11:26:10.0097 6804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:26:10.0175 6804 W32Time - ok
11:26:10.0206 6804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:26:10.0253 6804 WacomPen - ok
11:26:10.0269 6804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:26:10.0347 6804 WANARP - ok
11:26:10.0378 6804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:26:10.0456 6804 Wanarpv6 - ok
11:26:10.0549 6804 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:26:10.0612 6804 WatAdminSvc - ok
11:26:10.0674 6804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:26:10.0737 6804 wbengine - ok
11:26:10.0768 6804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:26:10.0830 6804 WbioSrvc - ok
11:26:10.0846 6804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:26:10.0893 6804 wcncsvc - ok
11:26:10.0908 6804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:26:10.0940 6804 WcsPlugInService - ok
11:26:10.0971 6804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
11:26:11.0002 6804 Wd - ok
11:26:11.0049 6804 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:26:11.0111 6804 Wdf01000 - ok
11:26:11.0142 6804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:26:11.0189 6804 WdiServiceHost - ok
11:26:11.0205 6804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:26:11.0252 6804 WdiSystemHost - ok
11:26:11.0267 6804 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:26:11.0314 6804 WebClient - ok
11:26:11.0345 6804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:26:11.0423 6804 Wecsvc - ok
11:26:11.0439 6804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:26:11.0517 6804 wercplsupport - ok
11:26:11.0532 6804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:26:11.0626 6804 WerSvc - ok
11:26:11.0657 6804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:26:11.0735 6804 WfpLwf - ok
11:26:11.0751 6804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:26:11.0782 6804 WIMMount - ok
11:26:11.0813 6804 WinDefend - ok
11:26:11.0844 6804 WinHttpAutoProxySvc - ok
11:26:11.0907 6804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:26:12.0000 6804 Winmgmt - ok
11:26:12.0063 6804 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:26:12.0188 6804 WinRM - ok
11:26:12.0266 6804 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:26:12.0297 6804 WinUsb - ok
11:26:12.0359 6804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:26:12.0406 6804 Wlansvc - ok
11:26:12.0468 6804 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:26:12.0500 6804 wlcrasvc - ok
11:26:12.0640 6804 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:26:12.0734 6804 wlidsvc - ok
11:26:12.0780 6804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:26:12.0812 6804 WmiAcpi - ok
11:26:12.0858 6804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:26:12.0905 6804 wmiApSrv - ok
11:26:12.0952 6804 WMPNetworkSvc - ok
11:26:12.0999 6804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:26:13.0030 6804 WPCSvc - ok
11:26:13.0046 6804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:26:13.0092 6804 WPDBusEnum - ok
11:26:13.0108 6804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:26:13.0186 6804 ws2ifsl - ok
11:26:13.0217 6804 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
11:26:13.0264 6804 wscsvc - ok
11:26:13.0264 6804 WSearch - ok
11:26:13.0358 6804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:26:13.0451 6804 wuauserv - ok
11:26:13.0498 6804 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:26:13.0529 6804 WudfPf - ok
11:26:13.0576 6804 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:26:13.0623 6804 WUDFRd - ok
11:26:13.0654 6804 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:26:13.0685 6804 wudfsvc - ok
11:26:13.0716 6804 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:26:13.0779 6804 WwanSvc - ok
11:26:13.0810 6804 ================ Scan global ===============================
11:26:13.0841 6804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:26:13.0872 6804 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:26:13.0904 6804 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:26:13.0919 6804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:26:13.0966 6804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:26:13.0966 6804 [Global] - ok
11:26:13.0982 6804 ================ Scan MBR ==================================
11:26:13.0997 6804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:26:15.0152 6804 \Device\Harddisk0\DR0 - ok
11:26:15.0152 6804 ================ Scan VBR ==================================
11:26:15.0167 6804 [ 4715E5063EA69FF6DE97FC07A21FCC97 ] \Device\Harddisk0\DR0\Partition1
11:26:15.0183 6804 \Device\Harddisk0\DR0\Partition1 - ok
11:26:15.0198 6804 [ 5B1B3A3E5B1A72CC798CA10D53622E98 ] \Device\Harddisk0\DR0\Partition2
11:26:15.0198 6804 \Device\Harddisk0\DR0\Partition2 - ok
11:26:15.0198 6804 ============================================================
11:26:15.0198 6804 Scan finished
11:26:15.0198 6804 ============================================================
11:26:15.0230 6360 Detected object count: 2
11:26:15.0230 6360 Actual detected object count: 2
11:26:19.0130 6360 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:26:19.0130 6360 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:26:19.0130 6360 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:26:19.0130 6360 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 26.02.2013, 13:30   #9
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2013, 15:02   #10
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Code:
ATTFilter
ComboFix 13-02-24.01 - das kleinvieh 26.02.2013  15:36:24.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7789.6129 [GMT 1:00]
ausgeführt von:: c:\users\das kleinvieh\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\l_u0_0.pad
c:\users\das kleinvieh\AppData\Roaming\BabMaint.exe
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\das kleinvieh\AppData\Roaming\Mozilla\Firefox\Profiles\wbhoc88w.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-26 bis 2013-02-26  ))))))))))))))))))))))))))))))
.
.
2013-02-26 14:52 . 2013-02-26 14:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-26 14:40 . 2013-02-26 14:40	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{58BBBB06-7EE6-4B07-88A4-7BED4D957137}\offreg.dll
2013-02-25 15:22 . 2013-02-25 15:22	--------	d-----w-	C:\_OTL
2013-02-25 06:04 . 2013-02-25 06:04	--------	d-----w-	c:\users\das kleinvieh\AppData\Roaming\BabSolution
2013-02-24 23:28 . 2013-02-24 23:28	--------	d-----w-	c:\program files\iPod
2013-02-24 23:28 . 2013-02-24 23:30	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 23:28 . 2013-02-24 23:30	--------	d-----w-	c:\program files\iTunes
2013-02-24 23:28 . 2013-02-24 23:30	--------	d-----w-	c:\program files (x86)\iTunes
2013-02-23 09:56 . 2013-02-23 09:56	--------	d-----w-	c:\program files (x86)\Elaborate Bytes
2013-02-22 17:13 . 2013-02-22 17:13	--------	d-----w-	c:\programdata\BrowserProtect
2013-02-22 17:13 . 2013-02-22 17:13	--------	d-----w-	c:\program files (x86)\Delta
2013-02-22 17:13 . 2013-02-22 17:13	--------	d-----w-	c:\users\das kleinvieh\AppData\Roaming\Delta
2013-02-22 17:12 . 2013-02-22 17:12	--------	d-----w-	c:\users\das kleinvieh\AppData\Roaming\Babylon
2013-02-22 17:12 . 2013-02-22 17:12	--------	d-----w-	c:\programdata\Babylon
2013-02-22 12:13 . 2008-01-29 05:57	450560	----a-w-	c:\windows\SysWow64\fldrvw90.ocx
2013-02-22 12:13 . 2010-10-13 04:42	2369456	----a-w-	c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2013-02-22 12:13 . 2010-08-20 19:53	86016	----a-w-	c:\windows\SysWow64\mtSplitter.ocx
2013-02-22 12:13 . 2010-06-11 08:50	89888	----a-w-	c:\windows\SysWow64\mtFrame.ocx
2013-02-22 12:13 . 2010-06-01 12:45	1005088	----a-w-	c:\windows\SysWow64\TList8.ocx
2013-02-22 12:13 . 2010-03-25 08:33	171752	----a-w-	c:\windows\SysWow64\mtRTF2.ocx
2013-02-22 12:13 . 2009-10-12 22:02	44736	----a-w-	c:\windows\SysWow64\mtSubclass.dll
2013-02-22 12:13 . 2009-10-12 22:01	77504	----a-w-	c:\windows\SysWow64\mtScrollContainer.ocx
2013-02-22 12:13 . 2013-02-22 12:34	--------	d-----w-	c:\users\das kleinvieh\AppData\Roaming\AllDup
2013-02-22 12:13 . 2013-02-22 12:14	--------	d-----w-	c:\programdata\AllDup
2013-02-22 12:13 . 2013-02-22 12:14	--------	d-----w-	c:\program files (x86)\AllDup
2013-02-22 12:13 . 2013-02-22 12:13	--------	d-----w-	c:\users\das kleinvieh\AppData\Local\Programs
2013-02-22 10:49 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{58BBBB06-7EE6-4B07-88A4-7BED4D957137}\mpengine.dll
2013-02-20 01:19 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-20 01:19 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-20 01:15 . 2013-01-09 01:48	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-02-20 01:15 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-16 08:56 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-16 08:56 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-16 08:56 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-16 08:50 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-16 08:50 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-16 08:50 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-16 08:50 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-16 08:50 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-16 08:50 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-16 08:50 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-16 08:50 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-16 08:50 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-06 00:40 . 2013-02-06 00:40	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 01:25 . 2012-01-25 22:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-11 22:14 . 2012-06-07 14:21	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 22:14 . 2011-12-29 15:58	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 00:40 . 2012-01-13 12:00	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-06 00:40 . 2011-08-08 08:32	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-16 08:50	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-24 12:25	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-24 12:25	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-24 12:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-24 12:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-13 12:50 . 2012-12-13 12:50	6112864	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50	54784	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2012-12-07 13:20 . 2013-01-09 22:18	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 22:18	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 22:18	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 22:18	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 22:18	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 22:18	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 22:18	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 22:18	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 22:18	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 22:18	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 22:18	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 22:18	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 22:18	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 22:18	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 22:18	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 22:18	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 22:18	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 22:18	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 22:18	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 22:18	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 22:18	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 22:18	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 22:18	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 22:18	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 22:18	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 22:18	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 22:18	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 22:18	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 22:18	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 22:18	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 22:18	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 22:18	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 22:19	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 22:19	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 22:19	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 22:19	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 22:19	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 22:19	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 22:19	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 22:19	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 22:19	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 22:19	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24	247704	----a-w-	c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-21 15:46	1521952	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-21 1521952]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-15 1597864]
"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2012-10-25 1871360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-07 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-26 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\das kleinvieh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Nach Updates suchen.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-8 1493888]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2011-5-24 1875456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 191960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-07 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-08 465360]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-02-21 2561488]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-09 162824]
S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe [2012-10-25 210144]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-02 1103464]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 26664519
*NewlyCreated* - 64575196
*Deregistered* - 26664519
*Deregistered* - 64575196
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 10:14	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 22:14]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 12:14]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-10-25 15:48	1245920	----a-w-	c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\das kleinvieh\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-10-25 15:48	1245920	----a-w-	c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-10-25 15:48	1245920	----a-w-	c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-10-25 15:48	1245920	----a-w-	c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-10-25 15:48	1245920	----a-w-	c:\program files (x86)\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-08 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=2ef53d3b000000000000e0ca9496fde8
mStart Page = hxxp://searchfunmoods.com/?f=1&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.145.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-26  15:58:11
ComboFix-quarantined-files.txt  2013-02-26 14:58
.
Vor Suchlauf: 9 Verzeichnis(se), 83.686.264.832 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 84.064.043.008 Bytes frei
.
- - End Of File - - FFA00C8A422B3DE7F95C4C8ABAF7C5B1
         

Alt 26.02.2013, 15:15   #11
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2013, 16:12   #12
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
das kleinvieh :: DASKLEINVIEH [Administrator]

26.02.2013 16:22:05
mbam-log-2013-02-26 (16-22-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378121
Laufzeit: 49 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Daten: hxxp://searchfunmoods.com/?f=2&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bösartig: (hxxp://searchfunmoods.com/?f=1&a=drive&chnl=drive&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzyyC0F0D0EzztA0DtA0BtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1790178156) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\das kleinvieh\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\das kleinvieh\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\das kleinvieh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 26.02.2013, 16:45   #13
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2013, 17:05   #14
Kleinvieh
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Code:
ATTFilter
Absolute Video to Audio Converter 3.1.8		19.05.2012	nicht benötigt	
Adobe AIR	Adobe Systems Incorporated	03.05.2012		3.2.0.2070 unbekannt
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	11.02.2013	6,00MB	11.5.502.149 benötigt
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	11.02.2013	6,00MB	11.5.502.149 benötigt
Adobe Reader X (10.1.6) MUI	Adobe Systems Incorporated	23.02.2013	481MB	10.1.6 benötigt	
AllDup 3.4.18	Michael Thummerer Software Design	22.02.2013	9,97MB	3.4.18 nicht benötigt	
Amazon Kindle	Amazon	14.09.2012 benötigt		
Amazon MP3-Downloader 1.0.17	Amazon Services LLC	23.12.2012		1.0.17 benötigt
Apple Application Support	Apple Inc.	25.02.2013	62,7MB	2.3.3 benötigt
Apple Mobile Device Support	Apple Inc.	25.02.2013	25,2MB	6.1.0.13 benötigt
Apple Software Update	Apple Inc.	02.05.2012	2,38MB	2.1.3.127 benötigt
ATI Catalyst Install Manager	ATI Technologies, Inc.	30.11.2011	22,4MB	3.0.829.0 unbekannt
Audible Download Manager	Audible, Inc.	12.05.2012		6.6.0.15 benötigt
Audiograbber 1.83 SE	Audiograbber	17.10.2012		1.83 SE benötigt
Audiograbber MP3-Plugin	AG	17.10.2012		1.0 benötigt
Avira Free Antivirus	Avira	15.11.2012	108MB	12.1.9.1236 benötigt
Avira SearchFree Toolbar plus Web Protection	Ask.com	20.01.2013	3,94MB	1.15.13.0 benötigt
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	20.01.2013		1.3.0.23930 benötigt
Bonjour	Apple Inc.	02.05.2012	2,00MB	3.0.0.10 unbekannt
BrowserProtect	Bit89 Inc	22.02.2013		 unbekannt
calibre	Kovid Goyal	14.09.2012	136MB	0.8.69 benötigt
CCleaner	Piriform	25.02.2013		3.28 nicht benötigt
CloneDVD2	Elaborate Bytes	23.02.2013		2.9.3.0 nicht benötigt
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	08.08.2011	5,57MB	15.4.5722.2 unbekannt
Delta Chrome Toolbar	DeltaInstaller	22.02.2013	3,00KB	1.0.0.0 unbekannt
Delta toolbar	Delta	22.02.2013		1.8.10.0 unbekannt
Designer 2.0	Fomanu AG	19.07.2012		7.9.4 unbekannt
DivX Codec	DivX, Inc.	26.11.2012		6.6.1 unbekannt
Dropbox	Dropbox, Inc.	02.02.2013		1.6.16 benötigt
Free FLV Converter V 7.4.0	Koyote Soft	19.05.2012	17,5MB	7.4.0.0 nicht benötigt
Free Video to MP3 Converter version 5.0.19.1015	DVDVideoSoft Ltd.	17.10.2012	64,3MB	5.0.19.1015 nicht benötigt
Google Chrome	Google Inc.	14.11.2012		25.0.1364.97 benötigt
Google Toolbar for Internet Explorer	Google Inc.	20.01.2013		7.4.3607.2246 nicht benötigt
Guild Wars 2		08.06.2012 benötigt
HTC BMP USB Driver	HTC	03.05.2012	284KB	1.0.5375 nicht benötigt
HTC Driver Installer	HTC Corporation	03.05.2012	2,09MB	3.0.0.021 nicht benötigt
HTC Sync	HTC Corporation	03.05.2012	48,9MB	3.2.10 nicht benötigt
iCloud	Apple Inc.	20.01.2013	81,8MB	2.1.1.3 benötigt
Internet-TV für Windows Media Center	Microsoft Corporation	14.11.2012	13,6MB	4.2.2.0 benötigt
iTunes	Apple Inc.	25.02.2013	187MB	11.0.2.26 benötigt
Java 7 Update 13	Oracle	06.02.2013	129MB	7.0.130 benötigt
Java(TM) 6 Update 22	Oracle	28.12.2011	97,0MB	6.0.220 benötigt
Livedrive	Livedrive Internet Limited	02.11.2012	13,3MB	1.10.0.0 benötigt
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	26.02.2013	18,4MB	1.70.0.1100 nicht benötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.08.2011	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	28.12.2011	2,93MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended	Microsoft Corporation	28.12.2011	51,9MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	28.12.2011	10,6MB	4.0.30319 unbekannt
Microsoft Office 2010	Microsoft Corporation	08.08.2011	6,40MB	14.0.4763.1000 nicht benötigt
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	03.04.2012		14.0.4763.1000 nicht benötigt
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	03.04.2012		14.0.5128.5002 nicht benötigt
Microsoft Primary Interoperability Assemblies 2005	Microsoft Corporation	08.08.2011	7,75MB	9.0.21022 unbekannt
Microsoft Silverlight	Microsoft Corporation	12.05.2012	80,3MB	4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	08.08.2011	1,69MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	25.01.2012	252KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	29.12.2011	300KB	8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	08.08.2011	788KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	28.12.2011	784KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	29.12.2011	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	08.08.2011	596KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	08.08.2011	596KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	29.12.2011	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	07.01.2012	14,5MB	10.0.30319 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	19.01.2012	12,2MB	10.0.40219 unbekannt
Mozilla Maintenance Service	Mozilla	13.12.2012	216KB	16.0.2 unbekannt
Mozilla Thunderbird 16.0.2 (x86 de)	Mozilla	13.12.2012	39,5MB	16.0.2 benötigt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	29.12.2011	1,27MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	29.12.2011	1,33MB	4.20.9876.0 unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	03.05.2012	1,47MB	4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	11.07.2012	1,53MB	4.30.2114.0 unbekannt
MSXML 4.0 SP3 Parser (KB2758694)	Microsoft Corporation	11.01.2013	1,54MB	4.30.2117.0 unbekannt
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	04.05.2012	1,53MB	4.30.2107.0 unbekannt
Nero BackItUp 10	Nero AG	08.08.2011	114MB	5.8.10900.8.100 unbekannt
Nero BurnRights 10	Nero AG	08.08.2011	6,14MB	4.4.10400.2.100 unbekannt
Nero Express 10	Nero AG	08.08.2011	165MB	10.6.10700.5.100 unbekannt
Nero InfoTool 10	Nero AG	08.08.2011	8,07MB	7.4.10300.1.100 unbekannt
Nero Kwik Media	Nero AG	08.08.2011	250MB	1.6.15100.59.100 unbekannt
Nero Multimedia Suite 10 Essentials	Nero AG	08.08.2011	846MB	10.6.10300 unbekannt
Nero RescueAgent 10	Nero AG	08.08.2011	6,53MB	3.6.10500.3.100 unbekannt
Nero StartSmart 10	Nero AG	08.08.2011	143MB	10.6.10500.3.100 unbekannt
Nero Update	Nero AG	08.08.2011	1,46MB	1.0.10900.31.0 unbekannt
OpenOffice.org 3.3	OpenOffice.org	28.12.2011	414MB	3.3.9567 benötigt
PlayReady PC Runtime amd64	Microsoft Corporation	08.08.2011	2,05MB	1.3.0 unbekannt
QuickTime	Apple Inc.	24.11.2012	73,1MB	7.73.80.64 benötigt
Realtek Ethernet Controller Driver	Realtek	30.11.2011		7.38.113.2011 unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.11.2011		6.0.1.6289 unbekannt
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	30.11.2011		6.1.7600.30126 unbekannt
Realtek WLAN Driver	REALTEK Semiconductor Corp.	30.11.2011		2.00.0013unbekannt
Safari	Apple Inc.	10.05.2012	104MB	5.34.57.2 benötigt
Skype™ 5.10	Skype Technologies S.A.	15.09.2012	19,4MB	5.10.116 nicht benötigt
Steam	Valve Corporation	28.12.2011	35,4MB	1.0.0.0 benötigt
Synaptics Pointing Device Driver	Synaptics Incorporated	30.11.2011	46,4MB	15.2.11.1 unbekannt
TOSHIBA Assist	TOSHIBA CORPORATION	08.08.2011		4.02.02 unbekannt
TOSHIBA ConfigFree	TOSHIBA CORPORATION	30.11.2011	90,7MB	8.0.37 unbekannt
TOSHIBA Disc Creator	TOSHIBA Corporation	30.11.2011	19,1MB	2.1.0.6 for x64 unbekannt
TOSHIBA Face Recognition	TOSHIBA Corporation	30.11.2011		3.1.8.64 unbekannt
TOSHIBA Hardware Setup	TOSHIBA	30.11.2011		2.00.0013 unbekannt 
TOSHIBA HDD/SSD Alert	TOSHIBA Corporation	30.11.2011	55,0MB	3.1.64.7 unbekannt
Toshiba Manuals	TOSHIBA	08.08.2011		10.02 unbekannt
TOSHIBA Media Controller	TOSHIBA CORPORATION	30.11.2011		1.0.86.2 unbekannt
TOSHIBA Online Product Information	TOSHIBA	08.08.2011		4.01.0000 unbekannt
TOSHIBA Places Icon Utility	TOSHIBA Corporation	08.08.2011		1.1.0.12 unbekannt
TOSHIBA Recovery Media Creator	TOSHIBA CORPORATION	08.08.2011		2.1.3.10010 unbekannt
TOSHIBA Recovery Media Creator Reminder	TOSHIBA	08.08.2011	1,77MB	1.1.0.0 unbekannt
TOSHIBA ReelTime	TOSHIBA Corporation	30.11.2011		1.7.17.64 unbekannt
TOSHIBA Service Station	TOSHIBA	30.11.2011		2.1.52 unbekannt
TOSHIBA Supervisor Password	TOSHIBA	30.11.2011		2.00.0008 unbekannt
TOSHIBA TEMPRO	Toshiba Europe GmbH	08.08.2011	11,3MB	3.35 unbekannt
TOSHIBA Value Added Package	TOSHIBA Corporation	30.11.2011	176MB	1.5.4.64 unbekannt
TOSHIBA Web Camera Application	TOSHIBA Corporation	30.11.2011	61,6MB	2.0.0.13 unbekannt
TOSHIBA Wireless LAN Indicator	TOSHIBA CORPORATION	30.11.2011	5,08MB	1.0.4 unbekannt
TRORMCLauncher		30.11.2011 unbekannt		
TVCenter	PCTV Systems	26.11.2012	170MB	6.4.0.785 benötigt
Winamp	Nullsoft, Inc	07.01.2012		5.623  benötigt
Winamp Erkennungs-Plug-in	Nullsoft, Inc	07.01.2012	63,0KB	1.0.0.1benötigt
Windows Live Essentials	Microsoft Corporation	08.08.2011		15.4.3538.0513 unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	08.08.2011	5,57MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	08.08.2011	5,37MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	08.08.2011	5,57MB	15.4.5722.2 unbekannt
         

Alt 26.02.2013, 17:31   #15
markusg
/// Malware-holic
 
Avira Antivir meldet Adware/Yontoo.Gen - Standard

Avira Antivir meldet Adware/Yontoo.Gen



Deinstaliere:
Absolute
Adobe AIR
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
AllDup
Avira SearchFree : beide, ist ne Toolbar und solche sollten auf PC's nicht instaliert sein.
BrowserProtect
CloneDVD2
Contrôle
Delta : beide
Designer
DivX
Free : beide
Google Toolbar
HTC : alle
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Microsoft Office : nicht benötigte.
Microsoft Silverlight
Mozilla Thunderbird : öffnen, hilfe, update, einspielen.

Deinstaliere:
Nero : alle
Skype™
Windows Live : alle für dich unnötigen.

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Avira Antivir meldet Adware/Yontoo.Gen
adware/yontoo.gen, antivir, avira, avira antivir, besser, bitte um hilfe, erstelle, erstellen, eurem, faust, forum, lieber, mehreren, melde, meldet, neues, nichts, rechner, sauber, scan, schonmal, stelle, thema, unternimmt, virus



Ähnliche Themen: Avira Antivir meldet Adware/Yontoo.Gen


  1. Avira meldet ständig Fund: ADWARE/CrossRider.VU
    Log-Analyse und Auswertung - 06.09.2015 (19)
  2. Windows 7: Avira meldet immer wieder ADWARE/Adware.Gen4 bzw. .Gen7, zudem taucht Optimizer Pro immer wieder auf
    Log-Analyse und Auswertung - 14.12.2014 (9)
  3. Win7/Avira meldet ADWARE/Adware.Gen7
    Log-Analyse und Auswertung - 24.11.2014 (8)
  4. Avira meldet ADWARE/DomaIQ.24569 + Defogger-Download blockiert
    Plagegeister aller Art und deren Bekämpfung - 07.04.2014 (13)
  5. Avira meldet ADWARE/InstallCore.Gen
    Log-Analyse und Auswertung - 24.01.2014 (13)
  6. Avira Free Antivirus meldet Adware/InstallCore7
    Log-Analyse und Auswertung - 19.01.2014 (9)
  7. Windows Vista: Avira Antivir meldet erst ADWARE/bProtect.D einige Tage später TR/Fakeadb.A
    Log-Analyse und Auswertung - 26.10.2013 (17)
  8. Windows XP: Avira meldet Adware, Maleware, Programme
    Log-Analyse und Auswertung - 07.10.2013 (19)
  9. Avira AntiVir meldet Atraps/Gen und Gen2
    Log-Analyse und Auswertung - 09.08.2013 (3)
  10. ADWARE/InstallCore.Gen, ADWARE/Yontoo.Gen und ADWARE/InstallCore.E von AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  11. Avira meldet ADWARE/Yontoo.E.1
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (10)
  12. AVIRA meldet ADWARE/Yontoo.Gen Fund
    Log-Analyse und Auswertung - 13.04.2013 (7)
  13. AVIRA-Fund: ADWARE/YONTOO.GEN2 und ESET-Fund: Win32/StartPage.OPH trojan
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (12)
  14. Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen
    Log-Analyse und Auswertung - 17.02.2013 (8)
  15. Avira meldet ADWARE/Yontoo.E.1
    Plagegeister aller Art und deren Bekämpfung - 04.01.2013 (12)
  16. avira meldet mehrere funde mit ADWARE im namen - gefährlich?
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (15)
  17. Avira AntiVir meldet Trojaner TR/Hijacker.Gen - was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.01.2011 (7)

Zum Thema Avira Antivir meldet Adware/Yontoo.Gen - Hallo! Beim letzten Scan mit Avira Antivir wurde mir der Virus Adware/Yontoo.Gen gemeldet. An mehreren Stelle in eurem Forum habe ich gelesen, dass man besser nichts auf eigene Faust unternimmt, - Avira Antivir meldet Adware/Yontoo.Gen...
Archiv
Du betrachtest: Avira Antivir meldet Adware/Yontoo.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.