Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.05.2013, 09:48   #1
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Hallo zusammen,

wie schön, dass es dieses Board gibt, vielen Dank bereits vorab an alle Helfer!!

Auch ich habe in einem Anfall geistiger Umnachtung einen Link in einer der bekannten Mastercard Phishing mails angeklickt. Dann kam mir die Sache allerdings (endlich) doch sehr seltsam vor und ich habe die Seite relativ schnell wieder weggeklickt (ohne auf der Seite noch weiteren links zu folgen oder gar Daten einzugeben).
Probleme mit dem Computer habe ich seither (gestern Nacht) nicht, aber ich bin leider ziemlicher Laie und weiß daher nicht, ob und ggf. was ich mir wohlmöglich eingefangen haben. Avira Antivir (leider bislang nur die free-Version) hat nichts gefunden.

Ich habe versucht, die zunächst angeforderten Scans schonmal durchzuführen, bin aber gleich beim Defogger gescheitert:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:19 on 08/05/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
Nun wusste ich nicht, ob und wie ich weitermachen soll, da ja die Frage nach dem Re-enable noch aussteht und ich für den anderen Scan alle Programme schließen soll.

Ich wäre sehr dankbar, wenn mir jemand helfen könnte.

Liebe Grüße

Alt 08.05.2013, 11:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 08.05.2013, 13:20   #3
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Hallo cosinus,

vielen Dank erstmal für Deine Hilfe.

..bisher habe ich nur antivir darüber laufen lassen (das ist das Einzige, was ich habe...), dies ergab folgendes:

Code:
ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 8. Mai 2013  00:00


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Angela
Computername   : ANGELA-TOSH

Versionsinformationen:
BUILD.DAT      : 13.0.0.3640    54852 Bytes  18.04.2013 13:29:00
AVSCAN.EXE     : 13.6.0.1262   636984 Bytes  07.05.2013 21:59:04
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  07.05.2013 21:59:04
LUKE.DLL       : 13.6.0.1262    65080 Bytes  07.05.2013 21:59:23
AVSCPLR.DLL    : 13.6.0.986     94944 Bytes  07.05.2013 21:59:45
AVREG.DLL      : 13.6.0.940    250592 Bytes  07.05.2013 21:59:45
avlode.dll     : 13.6.2.1262   432184 Bytes  07.05.2013 21:59:02
avlode.rdf     : 13.0.0.46      15591 Bytes  07.05.2013 21:59:46
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 21:58:29
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 21:58:32
VBASE002.VDF   : 7.11.74.227     2048 Bytes  30.04.2013 21:58:32
VBASE003.VDF   : 7.11.74.228     2048 Bytes  30.04.2013 21:58:32
VBASE004.VDF   : 7.11.74.229     2048 Bytes  30.04.2013 21:58:32
VBASE005.VDF   : 7.11.74.230     2048 Bytes  30.04.2013 21:58:32
VBASE006.VDF   : 7.11.74.231     2048 Bytes  30.04.2013 21:58:32
VBASE007.VDF   : 7.11.74.232     2048 Bytes  30.04.2013 21:58:32
VBASE008.VDF   : 7.11.74.233     2048 Bytes  30.04.2013 21:58:32
VBASE009.VDF   : 7.11.74.234     2048 Bytes  30.04.2013 21:58:32
VBASE010.VDF   : 7.11.74.235     2048 Bytes  30.04.2013 21:58:32
VBASE011.VDF   : 7.11.74.236     2048 Bytes  30.04.2013 21:58:32
VBASE012.VDF   : 7.11.74.237     2048 Bytes  30.04.2013 21:58:32
VBASE013.VDF   : 7.11.74.238     2048 Bytes  30.04.2013 21:58:32
VBASE014.VDF   : 7.11.75.97    181248 Bytes  02.05.2013 21:58:32
VBASE015.VDF   : 7.11.75.183   217600 Bytes  03.05.2013 21:58:33
VBASE016.VDF   : 7.11.76.27    183808 Bytes  04.05.2013 21:58:33
VBASE017.VDF   : 7.11.76.101   194048 Bytes  06.05.2013 21:58:33
VBASE018.VDF   : 7.11.76.102     2048 Bytes  06.05.2013 21:58:33
VBASE019.VDF   : 7.11.76.103     2048 Bytes  06.05.2013 21:58:33
VBASE020.VDF   : 7.11.76.104     2048 Bytes  06.05.2013 21:58:33
VBASE021.VDF   : 7.11.76.105     2048 Bytes  06.05.2013 21:58:33
VBASE022.VDF   : 7.11.76.106     2048 Bytes  06.05.2013 21:58:34
VBASE023.VDF   : 7.11.76.107     2048 Bytes  06.05.2013 21:58:34
VBASE024.VDF   : 7.11.76.108     2048 Bytes  06.05.2013 21:58:34
VBASE025.VDF   : 7.11.76.109     2048 Bytes  06.05.2013 21:58:34
VBASE026.VDF   : 7.11.76.110     2048 Bytes  06.05.2013 21:58:34
VBASE027.VDF   : 7.11.76.111     2048 Bytes  06.05.2013 21:58:34
VBASE028.VDF   : 7.11.76.112     2048 Bytes  06.05.2013 21:58:34
VBASE029.VDF   : 7.11.76.113     2048 Bytes  06.05.2013 21:58:34
VBASE030.VDF   : 7.11.76.114     2048 Bytes  06.05.2013 21:58:34
VBASE031.VDF   : 7.11.76.210   154624 Bytes  07.05.2013 21:58:35
Engineversion  : 8.2.12.34 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  07.05.2013 21:58:41
AESCRIPT.DLL   : 8.1.4.110     483709 Bytes  07.05.2013 21:58:41
AESCN.DLL      : 8.1.10.4      131446 Bytes  07.05.2013 21:58:40
AESBX.DLL      : 8.2.5.12      606578 Bytes  07.05.2013 21:58:41
AERDL.DLL      : 8.2.0.88      643444 Bytes  07.05.2013 21:58:40
AEPACK.DLL     : 8.3.2.6       827767 Bytes  07.05.2013 21:58:40
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  07.05.2013 21:58:39
AEHEUR.DLL     : 8.1.4.336    5898617 Bytes  07.05.2013 21:58:39
AEHELP.DLL     : 8.1.25.2      258423 Bytes  07.05.2013 21:58:36
AEGEN.DLL      : 8.1.7.2       442741 Bytes  07.05.2013 21:58:36
AEEXP.DLL      : 8.4.0.26      201078 Bytes  07.05.2013 21:58:41
AEEMU.DLL      : 8.1.3.2       393587 Bytes  07.05.2013 21:58:35
AECORE.DLL     : 8.1.31.2      201080 Bytes  07.05.2013 21:58:35
AEBB.DLL       : 8.1.1.4        53619 Bytes  07.05.2013 21:58:35
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  07.05.2013 21:57:07
AVPREF.DLL     : 13.6.0.480     51056 Bytes  07.05.2013 21:59:03
AVREP.DLL      : 13.6.0.480    178544 Bytes  07.05.2013 21:59:45
AVARKT.DLL     : 13.6.0.1262   258104 Bytes  07.05.2013 21:58:55
AVEVTLOG.DLL   : 13.6.0.1262   164920 Bytes  07.05.2013 21:58:57
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  07.05.2013 21:59:34
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  07.05.2013 21:59:05
NETNT.DLL      : 13.6.0.480     16240 Bytes  07.05.2013 21:59:27
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  07.05.2013 21:57:08
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  07.05.2013 21:57:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 8. Mai 2013  00:00

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTUpdate.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TemproTray.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosNcCore.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosReelTimeMonitor.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TecoService.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Teco.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOPI.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchEngineProtection.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMMonitor.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosDIMonitor.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSleepSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToshibaServiceStation.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ExpressTV.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMachInfo.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avira_free_antivirus.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebloader.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSmartSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSENotify.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHWMsg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFIWmxSvcs64.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'presetup.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'setup.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avconfig.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'updrgui.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '0' Modul(e) wurden durchsucht


Ende des Suchlaufs: Mittwoch, 8. Mai 2013  00:01
Benötigte Zeit: 00:04 Minute(n)

Der Suchlauf wurde abgebrochen!

      0 Verzeichnisse wurden überprüft
    100 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    100 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
         
__________________

Alt 08.05.2013, 13:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Da sind aber keine Funde geloggt. Gab es denn niemals bisher iwelche Funde?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.05.2013, 13:53   #5
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



... nein, gab es nicht...
eventuell ist ja auch nichts, aber überall im Netz wird so eine Panik gemacht, wenn man auf den Link in einer solchen mail klickt - und ich kenne mich wirklich leider nicht so gut aus, so dass ich einfach nur sicher gehen wollte, ob ich weiter "risikolos" online Einkaufen und meine Bankgeschäfte machen kann...

Ich hoffe, ich habe Dich nicht vollkommen sinnloserweise bemüht.


Alt 08.05.2013, 13:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
--> Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?

Alt 08.05.2013, 16:46   #7
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Hier also die OTL.Txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/8/2013 2:59:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 73.92% Memory free
15.96 Gb Paging File | 13.65 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 268.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 335.62 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
 
Computer Name: A*-TOSH | User Name: A* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\A*\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Users\A*\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
PRC - C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DefaultTabUpdate) -- C:\Users\A*\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF9035BDA.sys (AfaTech                  )
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ASUSVRC64) -- C:\Windows\SysNative\drivers\AsusVRC64.sys (ASUSTeK COMPUTER INC.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4312_2&babsrc=HP_ss&mntrId=5422d03800000000000074de2b167e9c
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\W3i\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=542274DE2B167E9C
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE470
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{B34C0330-4203-422A-9F7A-8638C120BE63}: "URL" = hxxp://www.mysearchresults.com/search?c=2653&t=01&q={searchTerms}
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{F54CF899-75A7-44C3-BFC4-757FCAEA803B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=TKR&o=15589&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=IY&apn_dtid=YYYYYYYYDE&apn_uid=36d9835c-49b5-4a56-b233-bc3e6dcdcd2b&apn_sauid=B0A11F95-F585-4D92-B504-9F986D79E572
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.gamesagogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&tt=4312_2&babsrc=KW_ss&mntrId=5422d03800000000000074de2b167e9c&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 10:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 10:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files (x86)\XingHaoLyrics\FF\ [2013/05/08 10:10:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 10:46:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 10:45:56 | 000,000,000 | ---D | M]
 
[2012/02/14 15:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\Extensions
[2013/04/07 10:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\Firefox\Profiles\alsg3ztp.default\extensions
[2013/04/07 10:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\Firefox\Profiles\alsg3ztp.default\extensions\staged
[2013/04/03 09:58:13 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\A*\AppData\Roaming\mozilla\Firefox\Profiles\alsg3ztp.default\extensions\toolbar@ask.com
[2013/05/08 10:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\Firefox\Profiles\o416w7wc.default-1350920785951\extensions
[2013/04/07 10:11:03 | 000,029,637 | ---- | M] () (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\alsg3ztp.default\extensions\staged\addon@defaulttab.com.xpi
[2013/03/21 21:02:10 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\extensions\toolbar@web.de.xpi
[2013/05/08 10:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/08 10:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013/04/14 10:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/14 10:46:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/04/14 10:45:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/22 17:33:37 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/04/14 10:45:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/14 10:45:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/14 10:45:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/14 10:45:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/14 10:45:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2013/04/07 10:11:31 | 000,000,786 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober1661941.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\A*\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files (x86)\XingHaoLyrics\lrcspal.dll (XingHao Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\W3i\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [POPUPTV] C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [awde7zip23742] C:\Users\A*\AppData\Local\Temp\BI_RunOnce.exe (Somoto Ltd.)
O4 - HKLM..\RunOnce: [Del2185948] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000..\RunOnce: [Del2185948] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69E146DC-559E-48A5-A0C6-C92ADAF6E315}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/08 10:10:30 | 000,000,000 | ---D | C] -- C:\Users\A*\Local Settings
[2013/05/08 10:10:27 | 000,000,000 | ---D | C] -- C:\Users\A*\AppData\Roaming\DealPly
[2013/05/08 10:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics
[2013/05/08 10:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/05/08 10:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker
[2013/05/08 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\A*\AppData\Roaming\Avira
[2013/05/08 00:01:04 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/08 00:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/05/08 00:00:08 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/05/08 00:00:08 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/05/08 00:00:08 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/05/08 00:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/05/07 23:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/07 23:15:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/07 23:15:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/07 23:15:26 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/07 10:16:15 | 000,000,000 | ---D | C] -- C:\Users\A*\4.0
[2013/05/07 10:16:14 | 000,000,000 | ---D | C] -- C:\Users\A*\.tfo4
[2013/04/29 20:53:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/04/14 10:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/10 20:14:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 20:14:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 20:14:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 20:14:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 20:14:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 20:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 20:14:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 20:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 20:14:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 20:14:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 20:14:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 20:14:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 20:14:05 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 20:14:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 20:14:04 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 19:35:46 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 19:35:46 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 19:35:46 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 19:35:46 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 19:35:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 19:35:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 19:35:39 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 19:35:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 19:35:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 19:35:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 19:35:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 19:35:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/08 14:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/08 14:13:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/08 10:15:50 | 000,000,000 | ---- | M] () -- C:\Users\A*\defogger_reenable
[2013/05/08 09:42:01 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 09:42:01 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 09:34:22 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/05/08 09:34:07 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/08 00:01:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/08 00:00:20 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/07 23:59:45 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/05/07 23:59:45 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/05/07 23:59:45 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/05/07 12:50:45 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/07 12:50:45 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/07 12:50:45 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/07 12:50:45 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/07 12:50:45 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/02 21:30:54 | 474,134,091 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/29 22:01:35 | 000,025,582 | ---- | M] () -- C:\Users\Public\Documents\cc_20130429_220119.reg
[2013/04/29 21:57:52 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/11 16:31:28 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/05/08 10:15:50 | 000,000,000 | ---- | C] () -- C:\Users\A* \defogger_reenable
[2013/05/08 00:00:20 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/02 21:30:54 | 474,134,091 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/04/29 22:01:30 | 000,025,582 | ---- | C] () -- C:\Users\Public\Documents\cc_20130429_220119.reg
[2013/04/29 21:57:52 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/07 10:11:04 | 000,000,306 | RHS- | C] () -- C:\Users\A*\ntuser.pol
[2013/03/03 12:08:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/02/20 14:39:03 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/09 10:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


und hier der Extras.Txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 5/8/2013 2:59:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 73.92% Memory free
15.96 Gb Paging File | 13.65 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 268.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 335.62 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
 
Computer Name: A*-TOSH | User Name: A* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128B0D9-0D47-49FA-8C33-715597C6B8AB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0A140113-8F02-4001-9194-0B0B122BF668}" = lport=137 | protocol=17 | dir=in | app=system | 
"{138ACB98-34AE-4B65-887A-A3715780FEEE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1777A776-96A9-4012-8584-069728A46A33}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1D5795F6-D4DC-433B-B0F0-C827A1EB1CD0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2373236C-0C55-416C-B072-B6FBDD26627C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C72F5E-303A-4F9C-87DA-0AD2C05607BA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{24076BF4-EC65-4F47-AF4D-6F3500C06949}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2ECFE1E1-65DD-4303-B788-43E987269A86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34B18479-5035-45BF-942E-9F7FC0EE1E6C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4A43C8C4-2115-49EF-B3B2-44154B64F16C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6F6D42C4-A810-4675-8987-F7143F78409D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7167DADF-E237-4C00-86B8-3817914D5F64}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8814D23D-30B6-448E-8515-B7A58B27D3D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{897873CD-0D7C-432A-8472-DCFE64C610AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A267D4B5-ED8B-425B-A856-489BAF98CCF6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A2ECC279-CCC8-4706-9777-FB75CB5C152C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC1A4745-A7FC-4A98-8301-8C64EB658A95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B6D3C495-23AC-4066-AD96-942B0DA0711C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBBEE72E-528D-4ABB-BE69-7E7EF658175E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BFEF2CD2-FABB-4583-B477-66A92D00BCEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D027E29A-FEF9-4E28-88F9-BB158397B235}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7EDE35E-75FD-4DCC-9853-FE3225DEB287}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E66AC5D2-F3A9-41B4-A8B0-F03FB37382F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F23E30C6-03A2-499B-B9FB-C32D28E6722A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4BDA53-FFC3-4504-B89D-9B1F6330363C}" = protocol=6 | dir=out | app=system | 
"{133B49D1-7960-4070-9FD9-EFCCF5F0E8B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{19B29CD7-9BA4-442A-9544-DD48F14BF255}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{20159E8C-8E6A-40F7-B171-52140229B036}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{2A4124D4-F35F-49FC-B5BA-9B9F4F32B6EB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{32799E7B-4257-4250-8FB3-DD577B29BD5B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{36A20562-7C71-431F-8560-B41458104492}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37AAAD2F-9248-4BD0-BDB4-305CC0D4B310}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44B2F3F5-B1B4-4818-933D-CAECE8AD8AD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5DB354C9-1289-474C-8539-2D4E3B77C0E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68A8D5A2-0C65-4F3A-9A89-FFA38038ED46}" = protocol=6 | dir=in | app=e:\o2cd.exe | 
"{99455950-3480-46F4-9C3A-4312B1B0DC21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0A1EA9D-28C1-421B-A434-EA8C65DD8700}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1A92121-CB95-4A5B-8F05-C947D4E1F9F4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A49694EF-39E0-46F9-AB4B-8AA22AF29C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7511BF5-C888-4DEA-ACA7-DF6BD037E9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B9C7EE2F-8AA1-401F-8F29-FB450B0C7011}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD8875FC-D8BE-4FB9-B2EA-5CC7C3ACA396}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{BDD424BC-775D-4E9A-A600-02AC3049C203}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C0F2F662-1837-4C1C-B3A4-0F767B3BC7BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD5D2552-769F-43EC-AF1F-881B7B60931E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE2BA504-BCD5-4380-990E-C07F82AE2FE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E01C2382-E13D-47F2-B79B-B0CF021E54C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3591540-267B-4128-B05B-A3E0C8380A7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E4B71F57-11B8-45D5-A506-ACC36DD7760C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E783EE53-FD5B-424D-A7B2-873115AB26A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FD084741-38D4-446A-8943-633BC2E996A4}" = protocol=17 | dir=in | app=e:\o2cd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.57
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D00E997B-D651-4ec9-B02A-BC8F867CA98C}" = Canon MF4500 Series
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FF63C7-6D9E-49F4-9018-BD269A1492C9}" = ASUS Popup TV
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{49804761-518A-43F5-9805-BA171E3A01D8}" = ASUS U3100 Mini Plus DVB-T TUNER
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5CDCB19B-1C44-46EE-82D6-3FA85A531DE8}" = ArcSoft TotalMedia 3.5
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Tracker Toolbar
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4F1C740-22FD-54E8-5B40-6A7EB5968A42}" = myphotobook.de
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2229A1A-AC81-42E4-B514-98A71BB436F0}" = ASUS GadgeTV
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"DefaultTab" = DefaultTab
"ElsterFormular" = ElsterFormular
"Fotobuch_is1" = Fotobuch
"gamesagogo_w3i" = GamesBar (W)
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"lrcspal@xinghao.net" = LyricsPal
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0555b524-8a56-48c2-a5fd-6ad074c9d045" = Zuma Deluxe
"WTA-30916591-22a5-4e01-9fe7-b36c18e3aa8e" = Diner Dash 2 Restaurant Rescue
"WTA-3bcd5a54-6d1f-47bd-be7d-7d29c295929d" = Plants vs. Zombies - Game of the Year
"WTA-4537237d-a3fd-455e-9083-d9e06c6243d0" = Bejeweled 3
"WTA-56bc0010-f516-4678-9f10-92851d317b44" = Penguins!
"WTA-6be42bf6-8ee4-4dc4-b286-d18befb06429" = Polar Bowler
"WTA-6c5d55c2-2a70-4e82-80e7-995e314a3ac4" = Wedding Dash 2 - Rings Around the World
"WTA-802c7a75-875c-4c6e-8c95-18fb1b8efef8" = Slingo Deluxe
"WTA-81864432-afcb-48c9-a0a4-4d7a3ec41683" = Chuzzle Deluxe
"WTA-a997cfd1-159e-41b7-a140-b9b95304c502" = Insaniquarium Deluxe
"WTA-d1e81e31-a212-41f2-8852-9f7cd4ab529d" = Bejeweled 2 Deluxe
"WTA-deb480a3-dc43-4fb5-b5f8-c6b53e77f0f9" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-e1db0ff7-288a-457b-bf27-66e073859be0" = FATE
"WTA-f98443e5-861f-450a-b5a8-6b30db1ea464" = Final Drive: Nitro
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Tracker Toolbar Updater
"NetAssistant 3.8.3" = W3i NetAssistant
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/5/2013 2:16:24 PM | Computer Name = Angela-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/6/2013 7:23:44 AM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/6/2013 11:05:38 AM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/6/2013 1:20:20 PM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 4:14:57 AM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 5:10:04 PM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 5:21:51 PM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 5:54:22 PM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 5:57:00 PM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/8/2013 3:36:02 AM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 1/24/2013 4:10:01 PM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 21:10:01 - Fehler beim Herstellen der Internetverbindung.  21:10:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/24/2013 4:10:11 PM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 21:10:06 - Fehler beim Herstellen der Internetverbindung.  21:10:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/15/2013 3:16:22 PM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 20:16:22 - Fehler beim Herstellen der Internetverbindung.  20:16:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/15/2013 3:16:33 PM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 20:16:30 - Fehler beim Herstellen der Internetverbindung.  20:16:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/15/2013 4:16:38 PM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 21:16:38 - Fehler beim Herstellen der Internetverbindung.  21:16:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/15/2013 4:16:43 PM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 21:16:43 - Fehler beim Herstellen der Internetverbindung.  21:16:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/23/2013 10:01:01 AM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 15:01:01 - Fehler beim Herstellen der Internetverbindung.  15:01:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/23/2013 10:01:10 AM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 15:01:06 - Fehler beim Herstellen der Internetverbindung.  15:01:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/23/2013 11:02:53 AM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 16:02:52 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.)  
 
Error - 3/23/2013 11:04:33 AM | Computer Name = A*-TOSH | Source = MCUpdate | ID = 0
Description = 16:04:33 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ System Events ]
Error - 5/2/2013 1:07:03 PM | Computer Name = A*-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Appinfo erreicht.
 
Error - 5/2/2013 1:07:03 PM | Computer Name = A*-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Anwendungsinformationen" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 5/2/2013 1:07:33 PM | Computer Name = A*-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 5/2/2013 1:08:03 PM | Computer Name = A*-TOSH | Source = DCOM | ID = 10005
Description = 
 
Error - 5/2/2013 1:08:03 PM | Computer Name = A*-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst BITS erreicht.
 
Error - 5/2/2013 1:08:03 PM | Computer Name = A*-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 5/2/2013 1:14:05 PM | Computer Name = A*-TOSH | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TMachInfo erreicht.
 
Error - 5/2/2013 1:14:40 PM | Computer Name = A*-TOSH | Source = DCOM | ID = 10010
Description = 
 
Error - 5/2/2013 3:30:55 PM | Computer Name = A*-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?05.?2013 um 21:29:46 unerwartet heruntergefahren.
 
Error - 5/2/2013 3:31:06 PM | Computer Name = A*-TOSH | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

[/code]

Alt 08.05.2013, 22:26   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.05.2013, 07:23   #9
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Ich verstehe ja wirklich nicht viel davon, aber ich denke, es sieht ganz gut aus, oder? Danke nochmals cosinus für Deine Hilfe, es ist sicher kein sehr spannender "Fall" für Dich...

gmer.txt:

[code]
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-09 07:55:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 698,64GB
Running: uxh1vkds.exe; Driver: C:\Users\A*\AppData\Local\Temp\pwloyfow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000077621465 2 bytes [62, 77]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000776214bb 2 bytes [62, 77]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077621465 2 bytes [62, 77]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000776214bb 2 bytes [62, 77]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000077621465 2 bytes [62, 77]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000776214bb 2 bytes [62, 77]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000077621465 2 bytes [62, 77]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000776214bb 2 bytes [62, 77]
.text  ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
         
--- --- ---


und mbar:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
A* :: A*-TOSH [administrator]

09.05.2013 08:10:57
mbar-log-2013-05-09 (08-10-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29258
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Wie kann ich meinen Computer eigentlich im Rahmen des sinnvollen künftig schützen? Was würdest Du mir da empfehlen?

Grüße Katjathe

Alt 09.05.2013, 16:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Diese Frage werden später beantwortet, sonst wird hier die Analyse unterbrochen

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.05.2013, 17:26   #11
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-09 18:02:12
-----------------------------
18:02:12.769    OS Version: Windows x64 6.1.7601 Service Pack 1
18:02:12.769    Number of processors: 4 586 0x2A07
18:02:12.785    ComputerName: A*-TOSH  UserName: A*
18:02:13.627    Initialize success
18:02:18.296    AVAST engine download error: 0
18:02:22.695    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:02:22.695    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
18:02:22.820    Disk 0 MBR read successfully
18:02:22.835    Disk 0 MBR scan
18:02:22.835    Disk 0 Windows 7 default MBR code
18:02:22.867    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
18:02:22.882    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       356973 MB offset 821248
18:02:22.913    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       358030 MB offset 731901952
18:02:23.069    Disk 0 scanning C:\Windows\system32\drivers
18:02:29.450    Service scanning
18:02:57.686    Modules scanning
18:02:57.701    Disk 0 trace - called modules:
18:02:57.717    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:02:57.717    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800998d060]
18:02:57.733    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80086e4050]
18:02:57.733    Scan finished successfully
18:03:29.869    Disk 0 MBR has been saved successfully to "C:\Users\A*\Desktop\MBR.dat"
18:03:29.869    The log file has been saved successfully to "C:\Users\A*\Desktop\aswMBR.txt"
         
und tdss:
Code:
ATTFilter
18:15:36.0144 1112  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:15:36.0300 1112  ============================================================
18:15:36.0300 1112  Current date / time: 2013/05/09 18:15:36.0300
18:15:36.0300 1112  SystemInfo:
18:15:36.0300 1112  
18:15:36.0300 1112  OS Version: 6.1.7601 ServicePack: 1.0
18:15:36.0300 1112  Product type: Workstation
18:15:36.0300 1112  ComputerName: A*-TOSH
18:15:36.0300 1112  UserName: A*
18:15:36.0300 1112  Windows directory: C:\Windows
18:15:36.0300 1112  System windows directory: C:\Windows
18:15:36.0300 1112  Running under WOW64
18:15:36.0300 1112  Processor architecture: Intel x64
18:15:36.0300 1112  Number of processors: 4
18:15:36.0300 1112  Page size: 0x1000
18:15:36.0300 1112  Boot type: Normal boot
18:15:36.0300 1112  ============================================================
18:15:36.0877 1112  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:15:36.0893 1112  ============================================================
18:15:36.0893 1112  \Device\Harddisk0\DR0:
18:15:36.0893 1112  MBR partitions:
18:15:36.0893 1112  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2B936800
18:15:36.0893 1112  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2B9FF000, BlocksNum 0x2BB47000
18:15:36.0893 1112  ============================================================
18:15:36.0909 1112  C: <-> \Device\Harddisk0\DR0\Partition1
18:15:36.0940 1112  D: <-> \Device\Harddisk0\DR0\Partition2
18:15:36.0940 1112  ============================================================
18:15:36.0940 1112  Initialize success
18:15:36.0940 1112  ============================================================
18:15:51.0541 5488  ============================================================
18:15:51.0541 5488  Scan started
18:15:51.0541 5488  Mode: Manual; SigCheck; TDLFS; 
18:15:51.0541 5488  ============================================================
18:15:51.0853 5488  ================ Scan system memory ========================
18:15:51.0853 5488  System memory - ok
18:15:51.0853 5488  ================ Scan services =============================
18:15:52.0087 5488  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:15:52.0290 5488  1394ohci - ok
18:15:52.0509 5488  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:15:52.0587 5488  ACDaemon - ok
18:15:52.0618 5488  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:15:52.0665 5488  ACPI - ok
18:15:52.0696 5488  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:15:52.0805 5488  AcpiPmi - ok
18:15:52.0914 5488  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:52.0945 5488  AdobeARMservice - ok
18:15:53.0070 5488  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:15:53.0117 5488  AdobeFlashPlayerUpdateSvc - ok
18:15:53.0164 5488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:15:53.0211 5488  adp94xx - ok
18:15:53.0257 5488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:15:53.0289 5488  adpahci - ok
18:15:53.0304 5488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:15:53.0335 5488  adpu320 - ok
18:15:53.0367 5488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:15:53.0523 5488  AeLookupSvc - ok
18:15:53.0569 5488  [ 3022977B898CCE747CA10EE2D6F4EE6A ] AF9035BDA       C:\Windows\system32\Drivers\AF9035BDA.sys
18:15:53.0647 5488  AF9035BDA - ok
18:15:53.0710 5488  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
18:15:53.0741 5488  Afc - ok
18:15:53.0788 5488  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:15:53.0850 5488  AFD - ok
18:15:53.0881 5488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:15:53.0913 5488  agp440 - ok
18:15:53.0944 5488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:15:53.0975 5488  ALG - ok
18:15:54.0022 5488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:15:54.0037 5488  aliide - ok
18:15:54.0053 5488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:15:54.0069 5488  amdide - ok
18:15:54.0100 5488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:15:54.0162 5488  AmdK8 - ok
18:15:54.0178 5488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:15:54.0225 5488  AmdPPM - ok
18:15:54.0256 5488  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:15:54.0287 5488  amdsata - ok
18:15:54.0303 5488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:15:54.0334 5488  amdsbs - ok
18:15:54.0349 5488  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:15:54.0365 5488  amdxata - ok
18:15:54.0568 5488  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:15:54.0615 5488  AntiVirSchedulerService - ok
18:15:54.0646 5488  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:15:54.0693 5488  AntiVirService - ok
18:15:54.0724 5488  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:15:54.0817 5488  AppID - ok
18:15:54.0833 5488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:15:54.0927 5488  AppIDSvc - ok
18:15:54.0958 5488  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:15:55.0036 5488  Appinfo - ok
18:15:55.0067 5488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:15:55.0083 5488  arc - ok
18:15:55.0098 5488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:15:55.0114 5488  arcsas - ok
18:15:55.0161 5488  [ 6A2A1E4F6CFE33653E7F34A13D707F22 ] ASUSVRC64       C:\Windows\system32\DRIVERS\AsusVRC64.sys
18:15:55.0223 5488  ASUSVRC64 - ok
18:15:55.0270 5488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:15:55.0348 5488  AsyncMac - ok
18:15:55.0379 5488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:15:55.0395 5488  atapi - ok
18:15:55.0488 5488  [ B2931C83CFB12A3223A47B180473AE1A ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:15:55.0613 5488  athr - ok
18:15:55.0660 5488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:15:55.0769 5488  AudioEndpointBuilder - ok
18:15:55.0785 5488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:15:55.0816 5488  AudioSrv - ok
18:15:55.0878 5488  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:15:55.0909 5488  avgntflt - ok
18:15:55.0956 5488  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:15:55.0987 5488  avipbb - ok
18:15:56.0034 5488  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:15:56.0065 5488  avkmgr - ok
18:15:56.0097 5488  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:15:56.0221 5488  AxInstSV - ok
18:15:56.0268 5488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:15:56.0346 5488  b06bdrv - ok
18:15:56.0377 5488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:15:56.0455 5488  b57nd60a - ok
18:15:56.0502 5488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:15:56.0549 5488  BDESVC - ok
18:15:56.0596 5488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:15:56.0705 5488  Beep - ok
18:15:56.0783 5488  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:15:56.0908 5488  BFE - ok
18:15:56.0955 5488  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:15:57.0079 5488  BITS - ok
18:15:57.0111 5488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:15:57.0189 5488  blbdrive - ok
18:15:57.0220 5488  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:15:57.0298 5488  bowser - ok
18:15:57.0329 5488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:15:57.0391 5488  BrFiltLo - ok
18:15:57.0407 5488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:15:57.0469 5488  BrFiltUp - ok
18:15:57.0516 5488  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:15:57.0594 5488  Browser - ok
18:15:57.0625 5488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:15:57.0703 5488  Brserid - ok
18:15:57.0735 5488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:15:57.0781 5488  BrSerWdm - ok
18:15:57.0813 5488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:15:57.0875 5488  BrUsbMdm - ok
18:15:57.0891 5488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:15:57.0937 5488  BrUsbSer - ok
18:15:57.0984 5488  [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
18:15:58.0015 5488  BtFilter - ok
18:15:58.0031 5488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:15:58.0093 5488  BTHMODEM - ok
18:15:58.0140 5488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:15:58.0234 5488  bthserv - ok
18:15:58.0281 5488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:15:58.0359 5488  cdfs - ok
18:15:58.0405 5488  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:15:58.0468 5488  cdrom - ok
18:15:58.0515 5488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:15:58.0608 5488  CertPropSvc - ok
18:15:58.0686 5488  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
18:15:58.0733 5488  cfWiMAXService - ok
18:15:58.0780 5488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:15:58.0842 5488  circlass - ok
18:15:58.0889 5488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:15:58.0936 5488  CLFS - ok
18:15:58.0998 5488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:15:59.0029 5488  clr_optimization_v2.0.50727_32 - ok
18:15:59.0076 5488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:15:59.0123 5488  clr_optimization_v2.0.50727_64 - ok
18:15:59.0185 5488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:15:59.0217 5488  clr_optimization_v4.0.30319_32 - ok
18:15:59.0279 5488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:15:59.0326 5488  clr_optimization_v4.0.30319_64 - ok
18:15:59.0357 5488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:15:59.0404 5488  CmBatt - ok
18:15:59.0419 5488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:15:59.0466 5488  cmdide - ok
18:15:59.0513 5488  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:15:59.0575 5488  CNG - ok
18:15:59.0669 5488  [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:15:59.0747 5488  CnxtHdAudService - ok
18:15:59.0794 5488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:15:59.0809 5488  Compbatt - ok
18:15:59.0841 5488  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:15:59.0903 5488  CompositeBus - ok
18:15:59.0919 5488  COMSysApp - ok
18:15:59.0950 5488  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
18:15:59.0965 5488  ConfigFree Service - ok
18:16:00.0012 5488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:16:00.0043 5488  crcdisk - ok
18:16:00.0090 5488  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:16:00.0153 5488  CryptSvc - ok
18:16:00.0262 5488  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:16:00.0324 5488  cvhsvc - ok
18:16:00.0371 5488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:16:00.0465 5488  DcomLaunch - ok
18:16:00.0574 5488  [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Angela\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
18:16:00.0605 5488  DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
18:16:00.0605 5488  DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
18:16:00.0636 5488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:16:00.0761 5488  defragsvc - ok
18:16:00.0792 5488  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:16:00.0870 5488  DfsC - ok
18:16:00.0933 5488  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:16:00.0995 5488  Dhcp - ok
18:16:01.0042 5488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:16:01.0151 5488  discache - ok
18:16:01.0182 5488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:16:01.0198 5488  Disk - ok
18:16:01.0213 5488  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:16:01.0260 5488  Dnscache - ok
18:16:01.0276 5488  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:16:01.0401 5488  dot3svc - ok
18:16:01.0416 5488  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:16:01.0494 5488  DPS - ok
18:16:01.0525 5488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:16:01.0572 5488  drmkaud - ok
18:16:01.0619 5488  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:16:01.0681 5488  DXGKrnl - ok
18:16:01.0713 5488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:16:01.0806 5488  EapHost - ok
18:16:01.0900 5488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:16:02.0009 5488  ebdrv - ok
18:16:02.0056 5488  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:16:02.0118 5488  EFS - ok
18:16:02.0181 5488  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:16:02.0259 5488  ehRecvr - ok
18:16:02.0274 5488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:16:02.0337 5488  ehSched - ok
18:16:02.0383 5488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:16:02.0446 5488  elxstor - ok
18:16:02.0461 5488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:16:02.0493 5488  ErrDev - ok
18:16:02.0539 5488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:16:02.0617 5488  EventSystem - ok
18:16:02.0649 5488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:16:02.0727 5488  exfat - ok
18:16:02.0758 5488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:16:02.0805 5488  fastfat - ok
18:16:02.0851 5488  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:16:02.0898 5488  Fax - ok
18:16:02.0914 5488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:16:02.0961 5488  fdc - ok
18:16:02.0992 5488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:16:03.0054 5488  fdPHost - ok
18:16:03.0070 5488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:16:03.0117 5488  FDResPub - ok
18:16:03.0148 5488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:16:03.0163 5488  FileInfo - ok
18:16:03.0163 5488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:16:03.0226 5488  Filetrace - ok
18:16:03.0257 5488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:16:03.0273 5488  flpydisk - ok
18:16:03.0288 5488  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:16:03.0304 5488  FltMgr - ok
18:16:03.0366 5488  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:16:03.0460 5488  FontCache - ok
18:16:03.0491 5488  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:16:03.0522 5488  FontCache3.0.0.0 - ok
18:16:03.0538 5488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:16:03.0585 5488  FsDepends - ok
18:16:03.0616 5488  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:16:03.0647 5488  Fs_Rec - ok
18:16:03.0694 5488  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:16:03.0756 5488  fvevol - ok
18:16:03.0787 5488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:16:03.0834 5488  gagp30kx - ok
18:16:03.0897 5488  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:16:03.0943 5488  GamesAppService - ok
18:16:04.0006 5488  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:16:04.0115 5488  gpsvc - ok
18:16:04.0162 5488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:16:04.0209 5488  hcw85cir - ok
18:16:04.0224 5488  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:16:04.0302 5488  HdAudAddService - ok
18:16:04.0318 5488  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:16:04.0365 5488  HDAudBus - ok
18:16:04.0380 5488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:16:04.0411 5488  HidBatt - ok
18:16:04.0443 5488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:16:04.0505 5488  HidBth - ok
18:16:04.0536 5488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:16:04.0583 5488  HidIr - ok
18:16:04.0599 5488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:16:04.0661 5488  hidserv - ok
18:16:04.0708 5488  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:16:04.0739 5488  HidUsb - ok
18:16:04.0770 5488  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:16:04.0879 5488  hkmsvc - ok
18:16:04.0895 5488  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:16:04.0957 5488  HomeGroupListener - ok
18:16:04.0973 5488  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:16:05.0004 5488  HomeGroupProvider - ok
18:16:05.0035 5488  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:16:05.0051 5488  HpSAMD - ok
18:16:05.0082 5488  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:16:05.0176 5488  HTTP - ok
18:16:05.0207 5488  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:16:05.0207 5488  hwpolicy - ok
18:16:05.0238 5488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:16:05.0254 5488  i8042prt - ok
18:16:05.0285 5488  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:16:05.0316 5488  iaStor - ok
18:16:05.0347 5488  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:16:05.0410 5488  iaStorV - ok
18:16:05.0488 5488  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:16:05.0535 5488  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:16:05.0535 5488  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:16:05.0597 5488  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:16:05.0706 5488  idsvc - ok
18:16:05.0737 5488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:16:05.0769 5488  iirsp - ok
18:16:05.0800 5488  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:16:05.0893 5488  IKEEXT - ok
18:16:05.0925 5488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:16:05.0940 5488  intelide - ok
18:16:05.0971 5488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:16:06.0003 5488  intelppm - ok
18:16:06.0049 5488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:16:06.0127 5488  IPBusEnum - ok
18:16:06.0159 5488  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:16:06.0252 5488  IpFilterDriver - ok
18:16:06.0299 5488  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:16:06.0393 5488  iphlpsvc - ok
18:16:06.0408 5488  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:16:06.0455 5488  IPMIDRV - ok
18:16:06.0471 5488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:16:06.0595 5488  IPNAT - ok
18:16:06.0642 5488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:16:06.0689 5488  IRENUM - ok
18:16:06.0689 5488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:16:06.0720 5488  isapnp - ok
18:16:06.0751 5488  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:16:06.0798 5488  iScsiPrt - ok
18:16:06.0814 5488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:16:06.0845 5488  kbdclass - ok
18:16:06.0876 5488  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:16:06.0939 5488  kbdhid - ok
18:16:06.0954 5488  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:16:06.0985 5488  KeyIso - ok
18:16:07.0017 5488  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:16:07.0048 5488  KSecDD - ok
18:16:07.0063 5488  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:16:07.0095 5488  KSecPkg - ok
18:16:07.0126 5488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:16:07.0219 5488  ksthunk - ok
18:16:07.0266 5488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:16:07.0360 5488  KtmRm - ok
18:16:07.0422 5488  [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:16:07.0453 5488  L1C - ok
18:16:07.0516 5488  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:16:07.0625 5488  LanmanServer - ok
18:16:07.0641 5488  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:16:07.0719 5488  LanmanWorkstation - ok
18:16:07.0750 5488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:16:07.0828 5488  lltdio - ok
18:16:07.0859 5488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:16:07.0937 5488  lltdsvc - ok
18:16:07.0968 5488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:16:08.0062 5488  lmhosts - ok
18:16:08.0109 5488  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:16:08.0155 5488  LMS - ok
18:16:08.0187 5488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:16:08.0218 5488  LSI_FC - ok
18:16:08.0249 5488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:16:08.0265 5488  LSI_SAS - ok
18:16:08.0280 5488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:16:08.0296 5488  LSI_SAS2 - ok
18:16:08.0311 5488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:16:08.0327 5488  LSI_SCSI - ok
18:16:08.0358 5488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:16:08.0421 5488  luafv - ok
18:16:08.0452 5488  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:16:08.0467 5488  Mcx2Svc - ok
18:16:08.0499 5488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:16:08.0499 5488  megasas - ok
18:16:08.0530 5488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:16:08.0561 5488  MegaSR - ok
18:16:08.0608 5488  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:16:08.0623 5488  MEIx64 - ok
18:16:08.0655 5488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:16:08.0733 5488  MMCSS - ok
18:16:08.0764 5488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:16:08.0873 5488  Modem - ok
18:16:08.0904 5488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:16:08.0935 5488  monitor - ok
18:16:08.0967 5488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:16:08.0998 5488  mouclass - ok
18:16:09.0029 5488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:16:09.0076 5488  mouhid - ok
18:16:09.0107 5488  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:16:09.0138 5488  mountmgr - ok
18:16:09.0216 5488  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:16:09.0247 5488  MozillaMaintenance - ok
18:16:09.0263 5488  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:16:09.0294 5488  mpio - ok
18:16:09.0325 5488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:16:09.0388 5488  mpsdrv - ok
18:16:09.0435 5488  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:16:09.0544 5488  MpsSvc - ok
18:16:09.0559 5488  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:16:09.0606 5488  MRxDAV - ok
18:16:09.0637 5488  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:16:09.0700 5488  mrxsmb - ok
18:16:09.0747 5488  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:16:09.0809 5488  mrxsmb10 - ok
18:16:09.0840 5488  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:16:09.0887 5488  mrxsmb20 - ok
18:16:09.0918 5488  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
18:16:09.0949 5488  msahci - ok
18:16:09.0965 5488  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:16:10.0012 5488  msdsm - ok
18:16:10.0027 5488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:16:10.0043 5488  MSDTC - ok
18:16:10.0090 5488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:16:10.0137 5488  Msfs - ok
18:16:10.0152 5488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:16:10.0199 5488  mshidkmdf - ok
18:16:10.0215 5488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:16:10.0215 5488  msisadrv - ok
18:16:10.0261 5488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:16:10.0355 5488  MSiSCSI - ok
18:16:10.0355 5488  msiserver - ok
18:16:10.0402 5488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:16:10.0495 5488  MSKSSRV - ok
18:16:10.0511 5488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:16:10.0605 5488  MSPCLOCK - ok
18:16:10.0620 5488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:16:10.0683 5488  MSPQM - ok
18:16:10.0698 5488  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:16:10.0729 5488  MsRPC - ok
18:16:10.0761 5488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:16:10.0776 5488  mssmbios - ok
18:16:10.0792 5488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:16:10.0885 5488  MSTEE - ok
18:16:10.0901 5488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:16:10.0948 5488  MTConfig - ok
18:16:10.0963 5488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:16:10.0995 5488  Mup - ok
18:16:11.0026 5488  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:16:11.0119 5488  napagent - ok
18:16:11.0166 5488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:16:11.0229 5488  NativeWifiP - ok
18:16:11.0291 5488  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
18:16:11.0353 5488  NAUpdate - ok
18:16:11.0400 5488  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:16:11.0447 5488  NDIS - ok
18:16:11.0478 5488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:16:11.0572 5488  NdisCap - ok
18:16:11.0603 5488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:16:11.0665 5488  NdisTapi - ok
18:16:11.0697 5488  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:16:11.0775 5488  Ndisuio - ok
18:16:11.0806 5488  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:16:11.0868 5488  NdisWan - ok
18:16:11.0899 5488  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:16:11.0962 5488  NDProxy - ok
18:16:11.0993 5488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:16:12.0071 5488  NetBIOS - ok
18:16:12.0087 5488  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:16:12.0149 5488  NetBT - ok
18:16:12.0165 5488  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:16:12.0180 5488  Netlogon - ok
18:16:12.0211 5488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:16:12.0336 5488  Netman - ok
18:16:12.0352 5488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:16:12.0399 5488  netprofm - ok
18:16:12.0414 5488  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:16:12.0430 5488  NetTcpPortSharing - ok
18:16:12.0461 5488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:16:12.0492 5488  nfrd960 - ok
18:16:12.0539 5488  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:16:12.0601 5488  NlaSvc - ok
18:16:12.0633 5488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:16:12.0711 5488  Npfs - ok
18:16:12.0742 5488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:16:12.0835 5488  nsi - ok
18:16:12.0867 5488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:16:12.0945 5488  nsiproxy - ok
18:16:13.0007 5488  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:16:13.0085 5488  Ntfs - ok
18:16:13.0101 5488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:16:13.0179 5488  Null - ok
18:16:13.0225 5488  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:16:13.0288 5488  nusb3hub - ok
18:16:13.0303 5488  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:16:13.0366 5488  nusb3xhc - ok
18:16:13.0413 5488  [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
18:16:13.0459 5488  NVHDA - ok
18:16:13.0740 5488  [ FB2DC1985AC763AAC1B293441695BA34 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:16:13.0896 5488  nvlddmkm - ok
18:16:13.0959 5488  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:16:14.0005 5488  nvraid - ok
18:16:14.0037 5488  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:16:14.0068 5488  nvstor - ok
18:16:14.0161 5488  [ 0C0EE3E423AE115363E6C497D6D430E1 ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:16:14.0224 5488  NVSvc - ok
18:16:14.0255 5488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:16:14.0286 5488  nv_agp - ok
18:16:14.0317 5488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:16:14.0380 5488  ohci1394 - ok
18:16:14.0411 5488  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:16:14.0458 5488  ose - ok
18:16:14.0629 5488  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:16:14.0739 5488  osppsvc - ok
18:16:14.0770 5488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:16:14.0801 5488  p2pimsvc - ok
18:16:14.0817 5488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:16:14.0879 5488  p2psvc - ok
18:16:14.0910 5488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
18:16:14.0941 5488  Parport - ok
18:16:14.0957 5488  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:16:14.0988 5488  partmgr - ok
18:16:15.0004 5488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:16:15.0051 5488  PcaSvc - ok
18:16:15.0082 5488  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:16:15.0097 5488  pci - ok
18:16:15.0113 5488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
18:16:15.0129 5488  pciide - ok
18:16:15.0160 5488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:16:15.0175 5488  pcmcia - ok
18:16:15.0191 5488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:16:15.0207 5488  pcw - ok
18:16:15.0222 5488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:16:15.0269 5488  PEAUTH - ok
18:16:15.0363 5488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:16:15.0409 5488  PerfHost - ok
18:16:15.0441 5488  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
18:16:15.0472 5488  PGEffect - ok
18:16:15.0534 5488  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:16:15.0643 5488  pla - ok
18:16:15.0690 5488  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:16:15.0753 5488  PlugPlay - ok
18:16:15.0768 5488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:16:15.0815 5488  PNRPAutoReg - ok
18:16:15.0846 5488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:16:15.0862 5488  PNRPsvc - ok
18:16:15.0909 5488  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:16:15.0987 5488  PolicyAgent - ok
18:16:16.0049 5488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:16:16.0143 5488  Power - ok
18:16:16.0174 5488  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:16:16.0283 5488  PptpMiniport - ok
18:16:16.0314 5488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:16:16.0330 5488  Processor - ok
18:16:16.0377 5488  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:16:16.0439 5488  ProfSvc - ok
18:16:16.0455 5488  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:16:16.0486 5488  ProtectedStorage - ok
18:16:16.0501 5488  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:16:16.0626 5488  Psched - ok
18:16:16.0673 5488  [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem          C:\Windows\system32\drivers\QIOMem.sys
18:16:16.0720 5488  QIOMem - ok
18:16:16.0782 5488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:16:16.0860 5488  ql2300 - ok
18:16:16.0876 5488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:16:16.0891 5488  ql40xx - ok
18:16:16.0923 5488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:16:16.0985 5488  QWAVE - ok
18:16:17.0001 5488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:16:17.0063 5488  QWAVEdrv - ok
18:16:17.0094 5488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:16:17.0172 5488  RasAcd - ok
18:16:17.0203 5488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:16:17.0297 5488  RasAgileVpn - ok
18:16:17.0344 5488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:16:17.0437 5488  RasAuto - ok
18:16:17.0469 5488  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:16:17.0531 5488  Rasl2tp - ok
18:16:17.0578 5488  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:16:17.0656 5488  RasMan - ok
18:16:17.0687 5488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:16:17.0765 5488  RasPppoe - ok
18:16:17.0812 5488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:16:17.0905 5488  RasSstp - ok
18:16:17.0921 5488  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:16:18.0015 5488  rdbss - ok
18:16:18.0030 5488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:16:18.0061 5488  rdpbus - ok
18:16:18.0093 5488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:16:18.0171 5488  RDPCDD - ok
18:16:18.0186 5488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:16:18.0233 5488  RDPENCDD - ok
18:16:18.0249 5488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:16:18.0295 5488  RDPREFMP - ok
18:16:18.0327 5488  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:16:18.0389 5488  RDPWD - ok
18:16:18.0436 5488  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:16:18.0483 5488  rdyboost - ok
18:16:18.0514 5488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:16:18.0607 5488  RemoteAccess - ok
18:16:18.0654 5488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:16:18.0779 5488  RemoteRegistry - ok
18:16:18.0795 5488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:16:18.0873 5488  RpcEptMapper - ok
18:16:18.0904 5488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:16:18.0951 5488  RpcLocator - ok
18:16:18.0982 5488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:16:19.0060 5488  RpcSs - ok
18:16:19.0091 5488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:16:19.0185 5488  rspndr - ok
18:16:19.0263 5488  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:16:19.0294 5488  RSUSBSTOR - ok
18:16:19.0341 5488  [ E5DC911D0FEB72CAFF2BBDD6E7C3672F ] RSUSBVSTOR      C:\Windows\system32\Drivers\RTSUVSTOR.sys
18:16:19.0387 5488  RSUSBVSTOR - ok
18:16:19.0403 5488  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:16:19.0419 5488  SamSs - ok
18:16:19.0450 5488  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:16:19.0481 5488  sbp2port - ok
18:16:19.0512 5488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:16:19.0590 5488  SCardSvr - ok
18:16:19.0621 5488  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:16:19.0668 5488  scfilter - ok
18:16:19.0699 5488  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:16:19.0762 5488  Schedule - ok
18:16:19.0809 5488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:16:19.0840 5488  SCPolicySvc - ok
18:16:19.0855 5488  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:16:19.0871 5488  SDRSVC - ok
18:16:19.0902 5488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:16:19.0933 5488  secdrv - ok
18:16:19.0949 5488  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:16:19.0980 5488  seclogon - ok
18:16:19.0996 5488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:16:20.0074 5488  SENS - ok
18:16:20.0089 5488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:16:20.0152 5488  SensrSvc - ok
18:16:20.0183 5488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:16:20.0245 5488  Serenum - ok
18:16:20.0261 5488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
18:16:20.0308 5488  Serial - ok
18:16:20.0308 5488  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:16:20.0355 5488  sermouse - ok
18:16:20.0401 5488  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:16:20.0495 5488  SessionEnv - ok
18:16:20.0511 5488  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:16:20.0542 5488  sffdisk - ok
18:16:20.0573 5488  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:16:20.0604 5488  sffp_mmc - ok
18:16:20.0620 5488  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:16:20.0651 5488  sffp_sd - ok
18:16:20.0682 5488  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:16:20.0729 5488  sfloppy - ok
18:16:20.0776 5488  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
18:16:20.0838 5488  Sftfs - ok
18:16:20.0916 5488  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:16:20.0963 5488  sftlist - ok
18:16:20.0994 5488  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:16:21.0025 5488  Sftplay - ok
18:16:21.0041 5488  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:16:21.0072 5488  Sftredir - ok
18:16:21.0088 5488  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
18:16:21.0103 5488  Sftvol - ok
18:16:21.0150 5488  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:16:21.0166 5488  sftvsa - ok
18:16:21.0213 5488  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:16:21.0291 5488  SharedAccess - ok
18:16:21.0322 5488  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:16:21.0400 5488  ShellHWDetection - ok
18:16:21.0431 5488  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:16:21.0462 5488  SiSRaid2 - ok
18:16:21.0493 5488  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:16:21.0525 5488  SiSRaid4 - ok
18:16:21.0571 5488  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:16:21.0649 5488  SkypeUpdate - ok
18:16:21.0665 5488  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:16:21.0743 5488  Smb - ok
18:16:21.0774 5488  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:16:21.0805 5488  SNMPTRAP - ok
18:16:21.0837 5488  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:16:21.0868 5488  spldr - ok
18:16:21.0915 5488  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:16:21.0977 5488  Spooler - ok
18:16:22.0086 5488  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:16:22.0242 5488  sppsvc - ok
18:16:22.0258 5488  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:16:22.0320 5488  sppuinotify - ok
18:16:22.0367 5488  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:16:22.0445 5488  srv - ok
18:16:22.0476 5488  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:16:22.0539 5488  srv2 - ok
18:16:22.0585 5488  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:16:22.0617 5488  SrvHsfHDA - ok
18:16:22.0663 5488  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:16:22.0757 5488  SrvHsfV92 - ok
18:16:22.0773 5488  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:16:22.0835 5488  SrvHsfWinac - ok
18:16:22.0851 5488  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:16:22.0882 5488  srvnet - ok
18:16:22.0913 5488  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:16:23.0007 5488  SSDPSRV - ok
18:16:23.0038 5488  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:16:23.0069 5488  SstpSvc - ok
18:16:23.0100 5488  [ 5B0ACFF02CABF365F312143F6E0DA694 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:16:23.0147 5488  Stereo Service - ok
18:16:23.0178 5488  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:16:23.0194 5488  stexstor - ok
18:16:23.0225 5488  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:16:23.0272 5488  stisvc - ok
18:16:23.0287 5488  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:16:23.0303 5488  swenum - ok
18:16:23.0350 5488  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:16:23.0428 5488  swprv - ok
18:16:23.0490 5488  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:16:23.0568 5488  SynTP - ok
18:16:23.0631 5488  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:16:23.0724 5488  SysMain - ok
18:16:23.0755 5488  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:16:23.0787 5488  TabletInputService - ok
18:16:23.0818 5488  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:16:23.0927 5488  TapiSrv - ok
18:16:23.0943 5488  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:16:23.0989 5488  TBS - ok
18:16:24.0052 5488  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:16:24.0130 5488  Tcpip - ok
18:16:24.0177 5488  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:16:24.0208 5488  TCPIP6 - ok
18:16:24.0239 5488  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:16:24.0270 5488  tcpipreg - ok
18:16:24.0317 5488  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:16:24.0348 5488  tdcmdpst - ok
18:16:24.0379 5488  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:16:24.0426 5488  TDPIPE - ok
18:16:24.0457 5488  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:16:24.0489 5488  TDTCP - ok
18:16:24.0535 5488  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:16:24.0613 5488  tdx - ok
18:16:24.0660 5488  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
18:16:24.0707 5488  TemproMonitoringService - ok
18:16:24.0738 5488  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:16:24.0769 5488  TermDD - ok
18:16:24.0832 5488  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:16:24.0957 5488  TermService - ok
18:16:24.0972 5488  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:16:25.0035 5488  Themes - ok
18:16:25.0050 5488  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:16:25.0128 5488  THREADORDER - ok
18:16:25.0206 5488  [ F120967184A27E927052E8DDBB727851 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:16:25.0253 5488  TMachInfo - ok
18:16:25.0284 5488  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
18:16:25.0315 5488  TODDSrv - ok
18:16:25.0393 5488  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:16:25.0440 5488  TosCoSrv - ok
18:16:25.0503 5488  [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:16:25.0534 5488  TOSHIBA Bluetooth Service - ok
18:16:25.0612 5488  [ D0F868A67CB4D817A3F7ABEF8C42F49C ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
18:16:25.0643 5488  TOSHIBA eco Utility Service - ok
18:16:25.0705 5488  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:16:25.0737 5488  TOSHIBA HDD SSD Alert Service - ok
18:16:25.0737 5488  Tosrfcom - ok
18:16:25.0768 5488  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
18:16:25.0783 5488  tosrfec - ok
18:16:25.0815 5488  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
18:16:25.0830 5488  Tosrfusb - ok
18:16:25.0877 5488  [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
18:16:25.0955 5488  TPCHSrv - ok
18:16:25.0986 5488  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:16:26.0111 5488  TrkWks - ok
18:16:26.0158 5488  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:16:26.0236 5488  TrustedInstaller - ok
18:16:26.0251 5488  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:16:26.0298 5488  tssecsrv - ok
18:16:26.0329 5488  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:16:26.0361 5488  TsUsbFlt - ok
18:16:26.0376 5488  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:16:26.0392 5488  TsUsbGD - ok
18:16:26.0423 5488  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:16:26.0470 5488  tunnel - ok
18:16:26.0517 5488  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:16:26.0548 5488  TVALZ - ok
18:16:26.0579 5488  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
18:16:26.0610 5488  TVALZFL - ok
18:16:26.0626 5488  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:16:26.0641 5488  uagp35 - ok
18:16:26.0688 5488  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:16:26.0782 5488  udfs - ok
18:16:26.0829 5488  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:16:26.0860 5488  UI0Detect - ok
18:16:26.0875 5488  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:16:26.0907 5488  uliagpkx - ok
18:16:26.0938 5488  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:16:26.0985 5488  umbus - ok
18:16:27.0000 5488  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:16:27.0047 5488  UmPass - ok
18:16:27.0156 5488  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:16:27.0281 5488  UNS - ok
18:16:27.0312 5488  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:16:27.0390 5488  upnphost - ok
18:16:27.0421 5488  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:16:27.0468 5488  usbccgp - ok
18:16:27.0499 5488  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:16:27.0546 5488  usbcir - ok
18:16:27.0577 5488  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:16:27.0624 5488  usbehci - ok
18:16:27.0671 5488  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
18:16:27.0733 5488  usbhub - ok
18:16:27.0749 5488  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:16:27.0796 5488  usbohci - ok
18:16:27.0827 5488  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:16:27.0889 5488  usbprint - ok
18:16:27.0921 5488  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:16:27.0983 5488  usbscan - ok
18:16:27.0999 5488  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:16:28.0045 5488  USBSTOR - ok
18:16:28.0092 5488  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:16:28.0123 5488  usbuhci - ok
18:16:28.0170 5488  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:16:28.0233 5488  usbvideo - ok
18:16:28.0264 5488  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:16:28.0357 5488  UxSms - ok
18:16:28.0389 5488  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:16:28.0389 5488  VaultSvc - ok
18:16:28.0420 5488  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:16:28.0435 5488  vdrvroot - ok
18:16:28.0467 5488  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:16:28.0498 5488  vds - ok
18:16:28.0529 5488  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:16:28.0576 5488  vga - ok
18:16:28.0591 5488  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:16:28.0685 5488  VgaSave - ok
18:16:28.0701 5488  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:16:28.0732 5488  vhdmp - ok
18:16:28.0763 5488  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:16:28.0779 5488  viaide - ok
18:16:28.0794 5488  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:16:28.0810 5488  volmgr - ok
18:16:28.0841 5488  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:16:28.0872 5488  volmgrx - ok
18:16:28.0888 5488  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:16:28.0919 5488  volsnap - ok
18:16:28.0950 5488  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:16:28.0966 5488  vsmraid - ok
18:16:29.0044 5488  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:16:29.0184 5488  VSS - ok
18:16:29.0215 5488  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:16:29.0278 5488  vwifibus - ok
18:16:29.0309 5488  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:16:29.0356 5488  vwififlt - ok
18:16:29.0387 5488  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:16:29.0481 5488  W32Time - ok
18:16:29.0512 5488  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:16:29.0559 5488  WacomPen - ok
18:16:29.0590 5488  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:16:29.0652 5488  WANARP - ok
18:16:29.0652 5488  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:16:29.0699 5488  Wanarpv6 - ok
18:16:29.0777 5488  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:16:29.0855 5488  WatAdminSvc - ok
18:16:29.0933 5488  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:16:30.0011 5488  wbengine - ok
18:16:30.0042 5488  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:16:30.0089 5488  WbioSrvc - ok
18:16:30.0105 5488  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:16:30.0167 5488  wcncsvc - ok
18:16:30.0183 5488  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:16:30.0214 5488  WcsPlugInService - ok
18:16:30.0245 5488  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:16:30.0276 5488  Wd - ok
18:16:30.0323 5488  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:16:30.0354 5488  Wdf01000 - ok
18:16:30.0385 5488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:16:30.0463 5488  WdiServiceHost - ok
18:16:30.0463 5488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:16:30.0495 5488  WdiSystemHost - ok
18:16:30.0526 5488  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:16:30.0557 5488  WebClient - ok
18:16:30.0573 5488  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:16:30.0651 5488  Wecsvc - ok
18:16:30.0682 5488  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:16:30.0744 5488  wercplsupport - ok
18:16:30.0791 5488  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:16:30.0869 5488  WerSvc - ok
18:16:30.0900 5488  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:16:30.0947 5488  WfpLwf - ok
18:16:30.0963 5488  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:16:30.0963 5488  WIMMount - ok
18:16:30.0994 5488  WinDefend - ok
18:16:31.0009 5488  WinHttpAutoProxySvc - ok
18:16:31.0072 5488  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:16:31.0165 5488  Winmgmt - ok
18:16:31.0228 5488  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:16:31.0353 5488  WinRM - ok
18:16:31.0415 5488  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:16:31.0493 5488  Wlansvc - ok
18:16:31.0555 5488  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:16:31.0587 5488  wlcrasvc - ok
18:16:31.0696 5488  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:16:31.0821 5488  wlidsvc - ok
18:16:31.0852 5488  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:16:31.0883 5488  WmiAcpi - ok
18:16:31.0899 5488  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:16:31.0961 5488  wmiApSrv - ok
18:16:31.0992 5488  WMPNetworkSvc - ok
18:16:32.0023 5488  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:16:32.0055 5488  WPCSvc - ok
18:16:32.0086 5488  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:16:32.0133 5488  WPDBusEnum - ok
18:16:32.0164 5488  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:16:32.0257 5488  ws2ifsl - ok
18:16:32.0273 5488  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:16:32.0304 5488  wscsvc - ok
18:16:32.0304 5488  WSearch - ok
18:16:32.0382 5488  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:16:32.0476 5488  wuauserv - ok
18:16:32.0491 5488  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:16:32.0523 5488  WudfPf - ok
18:16:32.0554 5488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:16:32.0585 5488  WUDFRd - ok
18:16:32.0616 5488  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:16:32.0663 5488  wudfsvc - ok
18:16:32.0694 5488  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:16:32.0772 5488  WwanSvc - ok
18:16:32.0819 5488  ================ Scan global ===============================
18:16:32.0850 5488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:16:32.0881 5488  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:16:32.0913 5488  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:16:32.0944 5488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:16:32.0975 5488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:16:32.0991 5488  [Global] - ok
18:16:32.0991 5488  ================ Scan MBR ==================================
18:16:33.0006 5488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:16:34.0067 5488  \Device\Harddisk0\DR0 - ok
18:16:34.0067 5488  ================ Scan VBR ==================================
18:16:34.0098 5488  [ B1896CB407542F8D0E26C10C8975F8B7 ] \Device\Harddisk0\DR0\Partition1
18:16:34.0114 5488  \Device\Harddisk0\DR0\Partition1 - ok
18:16:34.0129 5488  [ 8216FA22C7D2D37F1DE635F10BFAA6AE ] \Device\Harddisk0\DR0\Partition2
18:16:34.0145 5488  \Device\Harddisk0\DR0\Partition2 - ok
18:16:34.0145 5488  ============================================================
18:16:34.0145 5488  Scan finished
18:16:34.0145 5488  ============================================================
18:16:34.0161 2968  Detected object count: 2
18:16:34.0161 2968  Actual detected object count: 2
18:16:56.0750 2968  DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
18:16:56.0750 2968  DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:16:56.0750 2968  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:16:56.0750 2968  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:18:07.0611 0704  Deinitialize success
         

Alt 09.05.2013, 18:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.05.2013, 21:39   #13
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



...zunächst JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Angela on 09.05.2013 at 21:43:13,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabupdate 
Successfully deleted: [Service] defaulttabupdate 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchengineprotection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3602645871-113791597-1020444511-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B34C0330-4203-422A-9F7A-8638C120BE63}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F54CF899-75A7-44C3-BFC4-757FCAEA803B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\Users\A*\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\A*\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\A*\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\A*\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamesbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Users\A*\AppData\Roaming\microsoft\windows\start menu\programs\netassistant"
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{16B3EA32-35B7-46DF-A6D2-1EA7D7F513FD}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{2FA1FA48-7A55-408C-92A7-5AA92DDD2293}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{41B4D16D-129E-409A-AFBD-C6D1E4328D62}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{60339642-00F3-43D8-9653-309638E13BC8}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{63CC4321-CF2A-4EBD-B8D9-E2302D0D4B03}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{A2C42CE7-99C2-4E59-9A00-83331B7BE78B}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{AF78F42C-097F-4DA0-9B35-0628562B00CA}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{B8966B24-7105-4CDA-B008-1020AC05FA25}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{BF2D7C0E-5D11-4E77-97A4-CAC53B7F13F6}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{C52A1A27-C01D-4F72-B8F0-62C057F788A8}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{D49AE416-1B75-4EA1-B8CC-DC1F7B765F58}
Successfully deleted: [Empty Folder] C:\Users\A*\appdata\local\{DD43F9C6-1715-4CDF-A5BD-10AF2887BB96}



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\user.js
Successfully deleted: [File] C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\invalidprefs.js
Successfully deleted: [File] C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\searchplugins\search-here.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com"
Successfully deleted the following from C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\prefs.js

user_pref("extensions.defaulttab.lastUsed", 1365324099);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "8");
user_pref("extensions.delta.cntry", "DE");
user_pref("extensions.delta.hdrMd5", "");
user_pref("extensions.delta.lastVrsnTs", "");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "er");
user_pref("extensions.delta.smplGrp", "er");
Emptied folder: C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\minidumps [193 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 21:46:19,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

...und dann AdwCleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 09/05/2013 um 21:52:17 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : A* - A*-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\A*\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\alsg3ztp.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\o416w7wc.default-1350920785951\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\XingHaoLyrics
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\Users\A*\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\A*\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\alsg3ztp.default\extensions\staged
Ordner Gelöscht : C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\alsg3ztp.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\5e2dcdbe03cef49
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e2dcdbe03cef49
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [lrcspal@xinghao.net]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\alsg3ztp.default\prefs.js

C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\alsg3ztp.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109958&tt=4312_2&babsrc=NT_ss&mntr[...]
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "5422d03800000000000074de2b167e9c");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15635");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=4312_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:33:47");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109958&tt=4312_2&babsrc=KW_ss&mntrId=5422[...]

Datei : C:\Users\A*\AppData\Roaming\Mozilla\Firefox\Profiles\o416w7wc.default-1350920785951\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [9316 octets] - [09/05/2013 21:52:17]

########## EOF - C:\AdwCleaner[S1].txt - [9376 octets] ##########
         
--- --- ---



...und schließlich OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/9/2013 9:58:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.98 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.93% Memory free
15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 268.33 Gb Free Space | 76.97% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 335.62 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
 
Computer Name: A*-TOSH | User Name: A* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\A*\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
PRC - C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF9035BDA.sys (AfaTech                  )
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ASUSVRC64) -- C:\Windows\SysNative\drivers\AsusVRC64.sys (ASUSTeK COMPUTER INC.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE470
IE - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.gamesagogo.iplay.com/?o=shp"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 10:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 10:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 10:46:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 10:45:56 | 000,000,000 | ---D | M]
 
[2012/02/14 15:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2013/05/09 21:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\Firefox\Profiles\alsg3ztp.default\extensions
[2013/05/08 10:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\Firefox\Profiles\o416w7wc.default-1350920785951\extensions
[2013/03/21 21:02:10 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\A*\AppData\Roaming\mozilla\firefox\profiles\o416w7wc.default-1350920785951\extensions\toolbar@web.de.xpi
[2013/05/09 21:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/04/14 10:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013/04/14 10:45:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/14 10:46:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/04/14 10:45:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/14 10:45:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/14 10:45:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/14 10:45:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/14 10:45:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/14 10:45:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2013/04/07 10:11:31 | 000,000,786 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober1661941.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [POPUPTV] C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69E146DC-559E-48A5-A0C6-C92ADAF6E315}: DhcpNameServer = 78.42.43.62 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/09 21:43:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/09 21:42:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/09 18:09:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angela\Desktop\tdsskiller.exe
[2013/05/09 17:57:19 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\A*\Desktop\aswMBR.exe
[2013/05/09 08:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/08 10:10:30 | 000,000,000 | ---D | C] -- C:\Users\A*\Local Settings
[2013/05/08 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\A*\AppData\Roaming\Avira
[2013/05/08 00:01:04 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/08 00:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/05/08 00:00:08 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/05/08 00:00:08 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/05/08 00:00:08 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/05/08 00:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/05/07 23:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/07 23:15:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/07 23:15:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/07 23:15:26 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/07 10:16:15 | 000,000,000 | ---D | C] -- C:\Users\A*\4.0
[2013/05/07 10:16:14 | 000,000,000 | ---D | C] -- C:\Users\A*\.tfo4
[2013/04/29 20:53:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/04/14 10:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/10 20:14:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 20:14:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 20:14:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 20:14:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 20:14:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 20:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 20:14:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 20:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 20:14:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 20:14:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 20:14:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 20:14:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 20:14:05 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 20:14:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 20:14:04 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 19:35:46 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 19:35:46 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 19:35:46 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 19:35:46 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 19:35:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 19:35:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 19:35:39 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 19:35:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 19:35:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 19:35:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 19:35:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 19:35:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/09 22:01:05 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/09 22:01:05 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/09 21:53:31 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/05/09 21:53:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/09 21:53:19 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/09 21:50:40 | 000,628,743 | ---- | M] () -- C:\Users\A*\Desktop\adwcleaner.exe
[2013/05/09 21:32:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/09 18:10:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\A*\Desktop\tdsskiller.exe
[2013/05/09 18:03:29 | 000,000,512 | ---- | M] () -- C:\Users\A*\Desktop\MBR.dat
[2013/05/09 17:58:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\A*\Desktop\aswMBR.exe
[2013/05/08 10:15:50 | 000,000,000 | ---- | M] () -- C:\Users\A*\defogger_reenable
[2013/05/08 00:01:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/08 00:00:20 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/07 23:59:45 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/05/07 23:59:45 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/05/07 23:59:45 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/05/07 12:50:45 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/07 12:50:45 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/07 12:50:45 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/07 12:50:45 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/07 12:50:45 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/02 21:30:54 | 474,134,091 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/29 22:01:35 | 000,025,582 | ---- | M] () -- C:\Users\Public\Documents\cc_20130429_220119.reg
[2013/04/29 21:57:52 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/11 16:31:28 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/05/09 21:50:39 | 000,628,743 | ---- | C] () -- C:\Users\A*\Desktop\adwcleaner.exe
[2013/05/09 18:03:29 | 000,000,512 | ---- | C] () -- C:\Users\A*\Desktop\MBR.dat
[2013/05/08 10:15:50 | 000,000,000 | ---- | C] () -- C:\Users\A*\defogger_reenable
[2013/05/08 00:00:20 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/05/02 21:30:54 | 474,134,091 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/04/29 22:01:30 | 000,025,582 | ---- | C] () -- C:\Users\Public\Documents\cc_20130429_220119.reg
[2013/04/29 21:57:52 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/07 10:11:04 | 000,000,306 | RHS- | C] () -- C:\Users\A*\ntuser.pol
[2013/03/03 12:08:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/02/20 14:39:03 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/09 10:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


...und schließlich noch die Extras.Txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 5/9/2013 9:58:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.93% Memory free
15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.61 Gb Total Space | 268.33 Gb Free Space | 76.97% Space Free | Partition Type: NTFS
Drive D: | 349.64 Gb Total Space | 335.62 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
 
Computer Name: A*-TOSH | User Name: A* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3602645871-113791597-1020444511-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128B0D9-0D47-49FA-8C33-715597C6B8AB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0A140113-8F02-4001-9194-0B0B122BF668}" = lport=137 | protocol=17 | dir=in | app=system | 
"{138ACB98-34AE-4B65-887A-A3715780FEEE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1777A776-96A9-4012-8584-069728A46A33}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1D5795F6-D4DC-433B-B0F0-C827A1EB1CD0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2373236C-0C55-416C-B072-B6FBDD26627C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C72F5E-303A-4F9C-87DA-0AD2C05607BA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{24076BF4-EC65-4F47-AF4D-6F3500C06949}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2ECFE1E1-65DD-4303-B788-43E987269A86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34B18479-5035-45BF-942E-9F7FC0EE1E6C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4A43C8C4-2115-49EF-B3B2-44154B64F16C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6F6D42C4-A810-4675-8987-F7143F78409D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7167DADF-E237-4C00-86B8-3817914D5F64}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8814D23D-30B6-448E-8515-B7A58B27D3D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{897873CD-0D7C-432A-8472-DCFE64C610AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A267D4B5-ED8B-425B-A856-489BAF98CCF6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A2ECC279-CCC8-4706-9777-FB75CB5C152C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC1A4745-A7FC-4A98-8301-8C64EB658A95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B6D3C495-23AC-4066-AD96-942B0DA0711C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBBEE72E-528D-4ABB-BE69-7E7EF658175E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BFEF2CD2-FABB-4583-B477-66A92D00BCEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D027E29A-FEF9-4E28-88F9-BB158397B235}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7EDE35E-75FD-4DCC-9853-FE3225DEB287}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E66AC5D2-F3A9-41B4-A8B0-F03FB37382F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F23E30C6-03A2-499B-B9FB-C32D28E6722A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4BDA53-FFC3-4504-B89D-9B1F6330363C}" = protocol=6 | dir=out | app=system | 
"{133B49D1-7960-4070-9FD9-EFCCF5F0E8B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{19B29CD7-9BA4-442A-9544-DD48F14BF255}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{20159E8C-8E6A-40F7-B171-52140229B036}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{2A4124D4-F35F-49FC-B5BA-9B9F4F32B6EB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{32799E7B-4257-4250-8FB3-DD577B29BD5B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{36A20562-7C71-431F-8560-B41458104492}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37AAAD2F-9248-4BD0-BDB4-305CC0D4B310}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44B2F3F5-B1B4-4818-933D-CAECE8AD8AD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5DB354C9-1289-474C-8539-2D4E3B77C0E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68A8D5A2-0C65-4F3A-9A89-FFA38038ED46}" = protocol=6 | dir=in | app=e:\o2cd.exe | 
"{99455950-3480-46F4-9C3A-4312B1B0DC21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0A1EA9D-28C1-421B-A434-EA8C65DD8700}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1A92121-CB95-4A5B-8F05-C947D4E1F9F4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A49694EF-39E0-46F9-AB4B-8AA22AF29C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7511BF5-C888-4DEA-ACA7-DF6BD037E9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B9C7EE2F-8AA1-401F-8F29-FB450B0C7011}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD8875FC-D8BE-4FB9-B2EA-5CC7C3ACA396}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{BDD424BC-775D-4E9A-A600-02AC3049C203}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C0F2F662-1837-4C1C-B3A4-0F767B3BC7BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD5D2552-769F-43EC-AF1F-881B7B60931E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE2BA504-BCD5-4380-990E-C07F82AE2FE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E01C2382-E13D-47F2-B79B-B0CF021E54C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3591540-267B-4128-B05B-A3E0C8380A7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E4B71F57-11B8-45D5-A506-ACC36DD7760C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E783EE53-FD5B-424D-A7B2-873115AB26A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FD084741-38D4-446A-8943-633BC2E996A4}" = protocol=17 | dir=in | app=e:\o2cd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.57
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D00E997B-D651-4ec9-B02A-BC8F867CA98C}" = Canon MF4500 Series
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FF63C7-6D9E-49F4-9018-BD269A1492C9}" = ASUS Popup TV
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{49804761-518A-43F5-9805-BA171E3A01D8}" = ASUS U3100 Mini Plus DVB-T TUNER
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5CDCB19B-1C44-46EE-82D6-3FA85A531DE8}" = ArcSoft TotalMedia 3.5
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4F1C740-22FD-54E8-5B40-6A7EB5968A42}" = myphotobook.de
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2229A1A-AC81-42E4-B514-98A71BB436F0}" = ASUS GadgeTV
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"ElsterFormular" = ElsterFormular
"Fotobuch_is1" = Fotobuch
"gamesagogo_w3i" = GamesBar (W)
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0555b524-8a56-48c2-a5fd-6ad074c9d045" = Zuma Deluxe
"WTA-30916591-22a5-4e01-9fe7-b36c18e3aa8e" = Diner Dash 2 Restaurant Rescue
"WTA-3bcd5a54-6d1f-47bd-be7d-7d29c295929d" = Plants vs. Zombies - Game of the Year
"WTA-4537237d-a3fd-455e-9083-d9e06c6243d0" = Bejeweled 3
"WTA-56bc0010-f516-4678-9f10-92851d317b44" = Penguins!
"WTA-6be42bf6-8ee4-4dc4-b286-d18befb06429" = Polar Bowler
"WTA-6c5d55c2-2a70-4e82-80e7-995e314a3ac4" = Wedding Dash 2 - Rings Around the World
"WTA-802c7a75-875c-4c6e-8c95-18fb1b8efef8" = Slingo Deluxe
"WTA-81864432-afcb-48c9-a0a4-4d7a3ec41683" = Chuzzle Deluxe
"WTA-a997cfd1-159e-41b7-a140-b9b95304c502" = Insaniquarium Deluxe
"WTA-d1e81e31-a212-41f2-8852-9f7cd4ab529d" = Bejeweled 2 Deluxe
"WTA-deb480a3-dc43-4fb5-b5f8-c6b53e77f0f9" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-e1db0ff7-288a-457b-bf27-66e073859be0" = FATE
"WTA-f98443e5-861f-450a-b5a8-6b30db1ea464" = Final Drive: Nitro
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/9/2013 3:55:12 PM | Computer Name = A*-TOSH | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         
--- --- ---


DANKE!

Alt 09.05.2013, 21:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.05.2013, 00:12   #15
Katjathe
 
Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Standard

Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?



...das Ergebnis von Malware:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
A* :: A*-TOSH [Administrator]

Schutz: Aktiviert

09.05.2013 23:14:17
mbam-log-2013-05-09 (23-14-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335806
Laufzeit: 36 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


und hier das Ergebnis von Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ce040932740a694b834027b63eeb1973
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-09 10:50:07
# local_time=2013-05-10 12:50:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 3879 175981 0 0
# compatibility_mode=5893 16776574 100 94 6328091 119769657 0 0
# scanned=130526
# found=1
# cleaned=0
# scan_time=3119
sh=CDCB33B43693FAFD410335B168066A7B819D8914 ft=1 fh=da75baa0bbb585a4 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3602645871-113791597-1020444511-1000\$RSZDDUC.exe"
         

Antwort

Themen zu Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?
achtung, antivir, autostart, avira, avira antivir, board, code, computer, daten, eingefangen, folge, frage, link, links, mail, mails, mas, nichts, phishing, phishing mail, programme, relativ, schließen, schnell, seite, seltsam



Ähnliche Themen: Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?


  1. Phishing SMS iPhone Link angeklickt
    Alles rund um Mac OSX & Linux - 04.11.2015 (1)
  2. Phishing SMS iPhone Link angeklickt
    Smartphone, Tablet & Handy Security - 04.11.2015 (6)
  3. DHL Phishing Mail - Link angeklickt - ZIP-Datei NICHT geöffnet / gelöscht
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (8)
  4. Phishing Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (13)
  5. DHL Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (7)
  6. Amazon Phishing Link angeklickt...
    Plagegeister aller Art und deren Bekämpfung - 08.02.2015 (6)
  7. Phishing-Mail-Link angeklickt (Paypal-Phishing-Mail)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2014 (9)
  8. Pishing Mail zur Mastercard Verifizierung - Link angeklickt - Imac, System 10.6.8
    Plagegeister aller Art und deren Bekämpfung - 24.07.2014 (3)
  9. Amazon Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 24.06.2014 (11)
  10. Phishing Link angeklickt TNT Delivery (Logfile)
    Log-Analyse und Auswertung - 14.03.2014 (5)
  11. Phishing Link angeklickt TNT Delivery
    Smartphone, Tablet & Handy Security - 13.03.2014 (6)
  12. Windows 7: Amazon Phishing-Mail Link angeklickt
    Log-Analyse und Auswertung - 16.02.2014 (11)
  13. Win7: Link in Phishing Mail zur Abmeldung von Newsletter angeklickt
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (14)
  14. Phishing-Link von Paypal angeklickt
    Plagegeister aller Art und deren Bekämpfung - 07.10.2013 (11)
  15. Phishing Mail von WoW Link angeklickt!
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (4)
  16. Link in Phishing-Mail angeklickt: Malware eingefangen?
    Log-Analyse und Auswertung - 21.05.2013 (5)
  17. In Phishing-Mail den Link angeklickt :( Panik
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (34)

Zum Thema Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? - Hallo zusammen, wie schön, dass es dieses Board gibt, vielen Dank bereits vorab an alle Helfer!! Auch ich habe in einem Anfall geistiger Umnachtung einen Link in einer der bekannten - Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?...
Archiv
Du betrachtest: Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.