Pests of all kinds and their removal: PWS:WIN32/Zbot.gen!AM

Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.

26.07.2013, 21:07   #1
nah

PWS:WIN32/Zbot.gen!AM



Hello everyone,
Essentials has been showing me this file since today.
After removing it and restarting, however, it keeps coming back.

Would be grateful for any help!

Will post the logs shortly..
Regards Niko

26.07.2013, 21:14   #2
M-K-D-B
/// TB Trainer

PWS:WIN32/Zbot.gen!AM

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after the other in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply within 3 days, I will assume you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
    If you decide to go ahead with the cleanup, keep working with us until someone from the team tells you that you are clean.


Quote:
Will post the logs shortly..
Which log files are you talking about?

26.07.2013, 21:19   #3
nah

PWS:WIN32/Zbot.gen!AM

OTL Logfile:
Code:
OTL logfile created on: 26.07.2013 22:08:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Laptop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 58,55% Memory free
7,80 Gb Paging File | 5,93 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,84 Gb Total Space | 20,89 Gb Free Space | 21,57% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-TOSHIBA | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.26 22:07:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
PRC - [2013.07.03 13:49:09 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.09 02:39:32 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 02:39:26 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.08.08 22:43:58 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011.08.08 22:36:58 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011.07.22 00:23:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.07.07 01:24:00 | 000,184,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2011.06.16 17:54:56 | 000,305,080 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2011.06.07 12:07:58 | 000,063,432 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2011.06.07 12:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2011.05.10 01:06:02 | 002,750,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010.12.26 01:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2010.09.07 01:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010.05.21 05:00:00 | 000,275,984 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.03 13:48:17 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.09.22 22:22:46 | 000,582,064 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011.08.23 02:08:16 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011.08.11 00:59:04 | 000,833,464 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011.06.10 06:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011.06.01 21:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.06.01 21:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.06.01 21:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.07.29 01:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007.11.08 02:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013.07.18 19:49:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.03 13:49:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.08.09 02:39:32 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.09 02:39:26 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.07.22 00:23:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.07.12 02:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011.07.07 01:24:00 | 000,184,320 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2011.06.07 12:08:26 | 000,250,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2011.06.07 12:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2011.04.02 02:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.08.20 22:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.10.25 18:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 18:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.31 21:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.30 22:48:48 | 000,286,080 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011.08.23 19:41:00 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.07.13 05:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.26 02:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.09 04:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.28 00:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.29 20:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 19:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.30 19:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010.08.20 22:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.04.26 20:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.31 06:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.24 20:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 21:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 00:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.06.20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.17 21:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{1304F7FA-2EA8-4E1C-A351-6B628B4E8868}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{1304F7FA-2EA8-4E1C-A351-6B628B4E8868}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{1304F7FA-2EA8-4E1C-A351-6B628B4E8868}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE490
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.ftp: "176.34.71.158"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "176.34.71.158"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.34.71.158"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "176.34.71.158"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.04 21:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Extensions
[2013.07.24 18:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\apm8f1pt.default\extensions
[2013.02.13 16:48:58 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\apm8f1pt.default\extensions\stealthyextension@gmail.com.xpi
[2013.07.24 18:08:35 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\apm8f1pt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.03 13:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.03 13:49:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://hbmwww.da.hbm.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [Anheif] C:\Users\Laptop\AppData\Roaming\Ytodop\anheif.exe ()
O4 - HKCU..\Run: [FDPRO-516] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1580ECE5-D9A0-4F1C-A944-5CA8628B9D0A}: DhcpNameServer = 10.15.0.1 10.15.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25252FCE-7DE2-4452-A90E-1CFDA2D2206E}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70832CFB-1097-41FC-883F-0CC2B4A5622F}: DhcpNameServer = 192.168.2.10
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.18 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\fertige Folien
[2013.07.06 13:13:02 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Documents\MATLAB
[2013.07.06 13:12:55 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\MathWorks
[2013.07.06 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2013.07.04 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\MM_R2013a
[2013.07.04 18:07:55 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\Hochzeit_Fotograf
[2013.07.04 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\Hochzeit
[2013.07.03 13:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.28 17:10:16 | 000,000,000 | ---D | C] -- C:\Users\Laptop\restore
[2013.06.28 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.06.28 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.06.28 16:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dm
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.26 22:05:30 | 000,000,000 | ---- | M] () -- C:\Users\Laptop\defogger_reenable
[2013.07.26 21:50:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.26 21:49:13 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 21:49:13 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 21:47:28 | 001,655,186 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.26 21:47:28 | 000,714,918 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.26 21:47:28 | 000,665,892 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.26 21:47:28 | 000,154,934 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.26 21:47:28 | 000,125,146 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.26 21:42:08 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.26 21:42:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.26 21:42:02 | 3143,012,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.26 21:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.26 19:29:53 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2013.07.14 15:59:27 | 000,416,448 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.27 20:02:59 | 000,158,510 | ---- | M] () -- C:\Users\Laptop\Desktop\Busfahrt.png
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.26 22:05:30 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\defogger_reenable
[2013.06.28 17:16:47 | 001,035,193 | ---- | C] () -- C:\Users\Laptop\Desktop\mama1.png
[2013.06.27 20:02:59 | 000,158,510 | ---- | C] () -- C:\Users\Laptop\Desktop\Busfahrt.png
[2013.02.18 19:36:37 | 000,000,850 | ---- | C] () -- C:\Users\Laptop\AppData\Local\recently-used.xbel
[2012.12.18 00:56:31 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\glut32.dll
[2012.11.21 18:43:07 | 000,000,098 | ---- | C] () -- C:\Users\Laptop\.gtk-bookmarks
[2012.10.29 12:34:02 | 000,000,316 | ---- | C] () -- C:\windows\ODBC.INI
[2012.08.28 16:09:57 | 000,007,607 | ---- | C] () -- C:\Users\Laptop\AppData\Local\Resmon.ResmonCfg
[2012.08.15 20:11:25 | 000,004,096 | -H-- | C] () -- C:\Users\Laptop\AppData\Local\keyfile3.drm
[2012.07.01 13:25:45 | 001,675,596 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.16 22:30:31 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011.08.31 21:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.08.31 21:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.08.31 21:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.08.31 21:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.08.31 21:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2012.11.06 15:45:28 | 000,004,708 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1790683167-3938220168-2910082845-1000\$RNB3387.1\Source\cmCommandArgumentLexer.in.l
[2012.11.06 15:45:28 | 000,005,569 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1790683167-3938220168-2910082845-1000\$RNB3387.1\Source\cmDependsFortranLexer.in.l
[2012.11.06 15:45:30 | 000,006,485 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1790683167-3938220168-2910082845-1000\$RNB3387.1\Source\cmDependsJavaLexer.in.l
[2012.11.06 15:45:30 | 000,002,136 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1790683167-3938220168-2910082845-1000\$RNB3387.1\Source\cmExprLexer.in.l
[2012.11.06 15:45:30 | 000,011,165 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1790683167-3938220168-2910082845-1000\$RNB3387.1\Source\cmListFileLexer.in.l
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.28 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\DAEMON Tools Lite
[2012.10.29 11:26:03 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\e-academy Inc
[2012.10.11 23:07:45 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\EPSON
[2012.11.20 11:04:59 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Fighters
[2012.08.15 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\FreePDF
[2012.10.29 12:06:59 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\psychopy2
[2012.11.20 11:32:03 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Subversion
[2012.07.01 16:31:13 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Swiss Academic Software
[2012.11.21 22:32:29 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\TeamViewer
[2012.07.01 15:02:39 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Toshiba
[2012.07.01 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\WinBatch
[2012.07.05 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Ytodop
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.07.2013 22:08:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Laptop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 58,55% Memory free
7,80 Gb Paging File | 5,93 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,84 Gb Total Space | 20,89 Gb Free Space | 21,57% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-TOSHIBA | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A83063F-5AD8-4478-9C71-F58E44EA0A40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19D966F3-5ABE-435A-8FB8-B2749FFB5F4E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1D43B496-2874-4B45-B865-C1D2948CB505}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2122A7C2-0273-436F-9FBA-F8E0FAFC567F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2867CC3E-061C-4510-935B-273A12E78510}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{287B7AA1-1C1D-492C-B13A-ED6252DBE913}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29A48408-808D-470A-B7DF-089B8DC5ADB7}" = lport=4995 | protocol=6 | dir=in | name=tcp 4995 | 
"{2C5310D7-F26D-4650-B37C-19AF28E7C59B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{39483AEA-92F3-4189-A568-77086F2C72B9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{48E69A72-A734-432D-9C78-C37118B8121C}" = lport=5263 | protocol=17 | dir=in | name=udp 5263 | 
"{4D3D6C3F-A945-4168-9458-3398D500F170}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5DD2D58A-7757-4B2C-A036-4294FD584955}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{64A3F410-B8AD-4DA1-B1F6-FCF1722F550D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6C263AF8-7B41-43C1-987B-2E0A52D5BE12}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6C493174-2CC1-4D11-8B70-1CDCD0486FD3}" = lport=5263 | protocol=17 | dir=in | name=udp 5263 | 
"{7A42D586-5F50-4114-A6E6-D281EDE41B0E}" = lport=8413 | protocol=17 | dir=in | name=udp 8413 | 
"{7B5AB657-D93C-45A4-A127-25B351926E9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C2B9A16-5AAD-466F-BAB1-75013C825BDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7E657A6E-618B-4ABD-8580-C37CB436D146}" = lport=2961 | protocol=6 | dir=in | name=tcp 2961 | 
"{82415D83-E8BF-41A6-AB4D-170DC70611CA}" = lport=8413 | protocol=17 | dir=in | name=udp 8413 | 
"{92F42EB6-A5EA-4C9C-AF13-AC1BAAF079E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{94A731CA-BF9D-4BD1-B42B-8E6B19A09618}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FBB6880-E498-4B07-8175-80674A36E1CA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A1826AC4-24C4-4CD3-9941-76D659CDE176}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A43D7DDE-00B6-4E63-B3CE-CBA8BA021711}" = lport=2961 | protocol=6 | dir=in | name=tcp 2961 | 
"{A63236B6-B143-4230-AB04-F74E76C8C44F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B5C00B57-A2BE-45DD-A48F-5020B16EE248}" = lport=4995 | protocol=6 | dir=in | name=tcp 4995 | 
"{BE434EDA-DC4B-4CB8-85DA-C26D61BD5E0C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DC4F6625-442E-49C6-AD47-D51B1D909036}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{FFEF8566-E9D9-4BB1-AEF5-BE9301001277}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0295949C-4A79-4010-858E-5ECC306DA869}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{04096A80-4383-4E78-B326-0D9BB3B21FA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0C1A713A-5671-4072-821E-4DE053D0BB0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0FFECA26-A4C2-498E-AE03-897FF3D54C18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1FAE072D-FEE0-4FBA-B5B1-788D6A338657}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{20C53CCD-BCD3-481D-A179-A22971CDD3A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25A39508-0214-4012-B6ED-A31B449DF6C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{335B0A17-69D6-4857-8182-4E04334FF0D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{36F10202-3495-4B4D-A720-B412A8484270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40F4402C-0397-4A9F-955B-3E4013E2F549}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4984EE3F-9F5F-44F2-A610-A85EDAC925AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{55813600-D5E4-4FD2-AB2A-3C4FE5CE9EB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5863B17A-473D-4B23-86DD-D87425ED35BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{591D10CA-D8D0-4F28-A72C-C8474701D496}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5D0ACCFF-B2FF-48EA-9908-A19774C19211}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69E343FB-7F34-46CF-8DF2-8C8770DE62C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6BAA149D-1F07-4E81-B50F-CAF2E805472F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{758DFB35-0A30-4ADB-BADA-EAE95F9B0BA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F02EBC6-4D63-48EF-A164-5B3E6168490A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B6ECB12-8AD8-4DE8-B880-BABA1C0F03B7}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{947E5FC2-3262-4CF7-AD70-17B00C12F5D0}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{95B71AD5-D768-4109-93A8-69F503E418CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{97161D18-28D9-4362-87F3-4E6A25DA1C45}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{9F805222-50DD-47D2-A8F7-7A9B70A79921}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A04918D0-5454-4C31-B9FF-C15B851E7F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C20685E1-0ECA-46C2-BC05-FEC8715E4037}" = protocol=6 | dir=out | app=system | 
"{D57079A1-4CAE-4F46-8A32-412DD859B32A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E177FDDE-BDAF-4DEB-B557-A335591E4AA0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{EBE445BF-C6A2-4B2A-8B0E-02C963FB5989}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{F91A6656-3833-40A2-9E18-20002EF69FD3}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{41C2B21A-63BB-4377-9567-A97B15F21E59}" = TOSHIBA eco Utility
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.06" = GPL Ghostscript
"Matlab R2013a" = MATLAB R2013a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6E579724-82F9-454C-A98E-39DDDAB167FF}" = Intel(R) Rapid Start Technology
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}" = TOSHIBA ConfigFree
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CMake 2.8.10.1" = CMake 2.8, a cross-platform, open-source build system
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch
"EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenVPN" = OpenVPN 2.1.3
"PDF Blender" = PDF Blender
"ProInst" = Intel PROSet Wireless
"PsychoPy2" = PsychoPy2 1.74.01
"Qt OpenSource 4.8.3 - C:_Qt_4.8.3" = Qt OpenSource 4.8.3
"Qt Visual Studio Add-in 1.1.11 - C:_Program Files (x86)_Digia_Qt4VSAddin" = Qt Visual Studio Add-in 1.1.11
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2013 04:11:13 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 06:06:19 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 06:39:22 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 06:53:40 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 07:30:51 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 10:22:11 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2013 13:36:50 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.06.2013 10:32:17 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 03:01:01 | Computer Name = Laptop-Toshiba | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 06:12:09 | Computer Name = Laptop-Toshiba | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\bin\win64\VCRT_check.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 11.12.2012 12:36:05 | Computer Name = Laptop-Toshiba | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.1493.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 12.12.2012 05:02:26 | Computer Name = Laptop-Toshiba | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.1493.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 13.12.2012 09:56:14 | Computer Name = Laptop-Toshiba | Source = DCOM | ID = 10010
Description = 
 
Error - 19.12.2012 11:23:31 | Computer Name = Laptop-Toshiba | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 20.12.2012 06:48:40 | Computer Name = Laptop-Toshiba | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 29.12.2012 07:53:47 | Computer Name = Laptop-Toshiba | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?12.?2012 um 17:28:54 unerwartet heruntergefahren.
 
Error - 29.12.2012 07:53:57 | Computer Name = Laptop-Toshiba | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.2443.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 29.12.2012 07:53:57 | Computer Name = Laptop-Toshiba | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.2443.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.2443.0&asdelta=1.141.2443.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 29.12.2012 07:53:57 | Computer Name = Laptop-Toshiba | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.141.2443.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.2443.0&asdelta=1.141.2443.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9002.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.01.2013 14:43:10 | Computer Name = Laptop-Toshiba | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

Hello Matthias,
here are the two OTL log files.
I read about it in the instructions for creating a topic..
I would continue with GMER now.
Or should I do something else?

Regards

Old 26.07.2013, 21:20   #4
M-K-D-B
/// TB Instructor
 
PWS:WIN32/Zbot.gen!AM - Standard

PWS:WIN32/Zbot.gen!AM



Hello,
Reading material:
Banking Trojan
If you use this computer for online banking, for example, you should at least have your bank change your password, even if you otherwise use a secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

Greetings from Bavaria
M-K-D-B


Old 26.07.2013, 21:28   #5
nah
 
PWS:WIN32/Zbot.gen!AM - Standard

PWS:WIN32/Zbot.gen!AM



GMER log file:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-26 22:27:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.AJTA 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Laptop\AppData\Local\Temp\awloafod.sys


---- User code sections - GMER 2.1 ----

.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2564] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69           0000000074c11465 2 bytes [C1, 74]
.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2564] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155          0000000074c114bb 2 bytes [C1, 74]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess                  0000000076fb08fc 5 bytes JMP 000000010260a8bc
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll                           0000000076fcc45a 5 bytes JMP 000000010260aa99
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\USER32.dll!TranslateMessage                    0000000074a87809 5 bytes JMP 0000000102618e2f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\USER32.dll!GetClipboardData                    0000000074ac9f1d 5 bytes JMP 0000000102618e93
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\SspiCli.dll!DeleteSecurityContext              0000000074a00bb9 5 bytes JMP 00000001026259b4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\SspiCli.dll!EncryptMessage                     0000000074a0124e 5 bytes JMP 00000001026259fe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\SspiCli.dll!DecryptMessage                     0000000074a0129d 5 bytes JMP 0000000102625a42
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!closesocket                         00000000765a3918 5 bytes JMP 0000000102606a4f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!getaddrinfo                         00000000765a4296 5 bytes JMP 00000001026068e4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!WSASend                             00000000765a4406 5 bytes JMP 0000000102606c8f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                        00000000765a4889 5 bytes JMP 00000001026067e5
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!FreeAddrInfoW                       00000000765a4b1b 5 bytes JMP 000000010260695c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!recv                                00000000765a6b0e 5 bytes JMP 0000000102606aa6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!send                                00000000765a6f01 5 bytes JMP 0000000102606c3d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!WSARecv                             00000000765a7089 5 bytes JMP 0000000102606afe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult              00000000765a7489 5 bytes JMP 0000000102606d3b
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WS2_32.dll!gethostbyname                       00000000765b7673 5 bytes JMP 00000001026069e2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore                 0000000076671314 5 bytes JMP 0000000102618f14
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!InternetCloseHandle                0000000076094282 5 bytes JMP 000000010261e6a9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!HttpQueryInfoA                     0000000076097079 5 bytes JMP 000000010261fa0d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!HttpQueryInfoW                     00000000760977c2 5 bytes JMP 000000010261fa31
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!HttpSendRequestW                   0000000076097ca6 5 bytes JMP 000000010261f193
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable         00000000760a92e9 5 bytes JMP 000000010261f972
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!InternetReadFile                   00000000760a972b 5 bytes JMP 000000010261f900
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!InternetReadFileExW                00000000760badd7 5 bytes JMP 000000010261f94c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!InternetReadFileExA                00000000760bae2e 5 bytes JMP 000000010261f926
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!HttpSendRequestExW                 00000000760fceff 5 bytes JMP 000000010261f1d9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!InternetWriteFile                  00000000760fd06f 5 bytes JMP 000000010261f35c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!HttpSendRequestExA                 0000000076163222 5 bytes JMP 000000010261f1b6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3976] C:\windows\syswow64\WININET.dll!HttpSendRequestA                   00000000761632f2 5 bytes JMP 000000010261f170
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess                   0000000076fb08fc 5 bytes JMP 00000001001aa8bc
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll                            0000000076fcc45a 5 bytes JMP 00000001001aaa99
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\USER32.dll!TranslateMessage                     0000000074a87809 5 bytes JMP 00000001001b8e2f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\USER32.dll!GetClipboardData                     0000000074ac9f1d 5 bytes JMP 00000001001b8e93
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\SspiCli.dll!DeleteSecurityContext               0000000074a00bb9 5 bytes JMP 00000001001c59b4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\SspiCli.dll!EncryptMessage                      0000000074a0124e 5 bytes JMP 00000001001c59fe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\SspiCli.dll!DecryptMessage                      0000000074a0129d 5 bytes JMP 00000001001c5a42
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore                  0000000076671314 5 bytes JMP 00000001001b8f14
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000074c11465 2 bytes [C1, 74]
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000074c114bb 2 bytes [C1, 74]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!closesocket                          00000000765a3918 5 bytes JMP 00000001001a6a4f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!getaddrinfo                          00000000765a4296 5 bytes JMP 00000001001a68e4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!WSASend                              00000000765a4406 5 bytes JMP 00000001001a6c8f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                         00000000765a4889 5 bytes JMP 00000001001a67e5
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!FreeAddrInfoW                        00000000765a4b1b 5 bytes JMP 00000001001a695c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!recv                                 00000000765a6b0e 5 bytes JMP 00000001001a6aa6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!send                                 00000000765a6f01 5 bytes JMP 00000001001a6c3d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!WSARecv                              00000000765a7089 5 bytes JMP 00000001001a6afe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult               00000000765a7489 5 bytes JMP 00000001001a6d3b
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WS2_32.dll!gethostbyname                        00000000765b7673 5 bytes JMP 00000001001a69e2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!InternetCloseHandle                 0000000076094282 5 bytes JMP 00000001001be6a9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!HttpQueryInfoA                      0000000076097079 5 bytes JMP 00000001001bfa0d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!HttpQueryInfoW                      00000000760977c2 5 bytes JMP 00000001001bfa31
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!HttpSendRequestW                    0000000076097ca6 5 bytes JMP 00000001001bf193
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable          00000000760a92e9 5 bytes JMP 00000001001bf972
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!InternetReadFile                    00000000760a972b 5 bytes JMP 00000001001bf900
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!InternetReadFileExW                 00000000760badd7 5 bytes JMP 00000001001bf94c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!InternetReadFileExA                 00000000760bae2e 5 bytes JMP 00000001001bf926
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!HttpSendRequestExW                  00000000760fceff 5 bytes JMP 00000001001bf1d9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!InternetWriteFile                   00000000760fd06f 5 bytes JMP 00000001001bf35c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!HttpSendRequestExA                  0000000076163222 5 bytes JMP 00000001001bf1b6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[5076] C:\windows\syswow64\WININET.dll!HttpSendRequestA                    00000000761632f2 5 bytes JMP 00000001001bf170
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess                  0000000076fb08fc 5 bytes JMP 00000001001aa8bc
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll                           0000000076fcc45a 5 bytes JMP 00000001001aaa99
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\USER32.dll!TranslateMessage                    0000000074a87809 5 bytes JMP 00000001001b8e2f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\USER32.dll!GetClipboardData                    0000000074ac9f1d 5 bytes JMP 00000001001b8e93
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\SspiCli.dll!DeleteSecurityContext              0000000074a00bb9 5 bytes JMP 00000001001c59b4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\SspiCli.dll!EncryptMessage                     0000000074a0124e 5 bytes JMP 00000001001c59fe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\SspiCli.dll!DecryptMessage                     0000000074a0129d 5 bytes JMP 00000001001c5a42
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore                 0000000076671314 5 bytes JMP 00000001001b8f14
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000074c11465 2 bytes [C1, 74]
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000074c114bb 2 bytes [C1, 74]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!closesocket                         00000000765a3918 5 bytes JMP 00000001001a6a4f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!getaddrinfo                         00000000765a4296 5 bytes JMP 00000001001a68e4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!WSASend                             00000000765a4406 5 bytes JMP 00000001001a6c8f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                        00000000765a4889 5 bytes JMP 00000001001a67e5
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!FreeAddrInfoW                       00000000765a4b1b 5 bytes JMP 00000001001a695c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!recv                                00000000765a6b0e 5 bytes JMP 00000001001a6aa6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!send                                00000000765a6f01 5 bytes JMP 00000001001a6c3d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!WSARecv                             00000000765a7089 5 bytes JMP 00000001001a6afe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult              00000000765a7489 5 bytes JMP 00000001001a6d3b
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WS2_32.dll!gethostbyname                       00000000765b7673 5 bytes JMP 00000001001a69e2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!InternetCloseHandle                0000000076094282 5 bytes JMP 00000001001be6a9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!HttpQueryInfoA                     0000000076097079 5 bytes JMP 00000001001bfa0d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!HttpQueryInfoW                     00000000760977c2 5 bytes JMP 00000001001bfa31
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestW                   0000000076097ca6 5 bytes JMP 00000001001bf193
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable         00000000760a92e9 5 bytes JMP 00000001001bf972
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!InternetReadFile                   00000000760a972b 5 bytes JMP 00000001001bf900
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!InternetReadFileExW                00000000760badd7 5 bytes JMP 00000001001bf94c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!InternetReadFileExA                00000000760bae2e 5 bytes JMP 00000001001bf926
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestExW                 00000000760fceff 5 bytes JMP 00000001001bf1d9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!InternetWriteFile                  00000000760fd06f 5 bytes JMP 00000001001bf35c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestExA                 0000000076163222 5 bytes JMP 00000001001bf1b6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestA                   00000000761632f2 5 bytes JMP 00000001001bf170
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess                 0000000076fb08fc 5 bytes JMP 00000001001aa8bc
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll                          0000000076fcc45a 5 bytes JMP 00000001001aaa99
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\USER32.dll!TranslateMessage                   0000000074a87809 5 bytes JMP 00000001001b8e2f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\USER32.dll!GetClipboardData                   0000000074ac9f1d 5 bytes JMP 00000001001b8e93
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\SspiCli.dll!DeleteSecurityContext             0000000074a00bb9 5 bytes JMP 00000001001c59b4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\SspiCli.dll!EncryptMessage                    0000000074a0124e 5 bytes JMP 00000001001c59fe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\SspiCli.dll!DecryptMessage                    0000000074a0129d 5 bytes JMP 00000001001c5a42
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!closesocket                        00000000765a3918 5 bytes JMP 00000001001a6a4f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!getaddrinfo                        00000000765a4296 5 bytes JMP 00000001001a68e4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!WSASend                            00000000765a4406 5 bytes JMP 00000001001a6c8f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                       00000000765a4889 5 bytes JMP 00000001001a67e5
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!FreeAddrInfoW                      00000000765a4b1b 5 bytes JMP 00000001001a695c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!recv                               00000000765a6b0e 5 bytes JMP 00000001001a6aa6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!send                               00000000765a6f01 5 bytes JMP 00000001001a6c3d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!WSARecv                            00000000765a7089 5 bytes JMP 00000001001a6afe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult             00000000765a7489 5 bytes JMP 00000001001a6d3b
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WS2_32.dll!gethostbyname                      00000000765b7673 5 bytes JMP 00000001001a69e2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore                0000000076671314 5 bytes JMP 00000001001b8f14
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!InternetCloseHandle               0000000076094282 5 bytes JMP 00000001001be6a9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!HttpQueryInfoA                    0000000076097079 5 bytes JMP 00000001001bfa0d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!HttpQueryInfoW                    00000000760977c2 5 bytes JMP 00000001001bfa31
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!HttpSendRequestW                  0000000076097ca6 5 bytes JMP 00000001001bf193
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable        00000000760a92e9 5 bytes JMP 00000001001bf972
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!InternetReadFile                  00000000760a972b 5 bytes JMP 00000001001bf900
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!InternetReadFileExW               00000000760badd7 5 bytes JMP 00000001001bf94c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!InternetReadFileExA               00000000760bae2e 5 bytes JMP 00000001001bf926
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!HttpSendRequestExW                00000000760fceff 5 bytes JMP 00000001001bf1d9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!InternetWriteFile                 00000000760fd06f 5 bytes JMP 00000001001bf35c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!HttpSendRequestExA                0000000076163222 5 bytes JMP 00000001001bf1b6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe[4112] C:\windows\syswow64\WININET.dll!HttpSendRequestA                  00000000761632f2 5 bytes JMP 00000001001bf170
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess                  0000000076fb08fc 5 bytes JMP 00000001001aa8bc
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll                           0000000076fcc45a 5 bytes JMP 00000001001aaa99
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\USER32.dll!TranslateMessage                    0000000074a87809 5 bytes JMP 00000001001b8e2f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\USER32.dll!GetClipboardData                    0000000074ac9f1d 5 bytes JMP 00000001001b8e93
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\SspiCli.dll!DeleteSecurityContext              0000000074a00bb9 5 bytes JMP 00000001001c59b4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\SspiCli.dll!EncryptMessage                     0000000074a0124e 5 bytes JMP 00000001001c59fe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\SspiCli.dll!DecryptMessage                     0000000074a0129d 5 bytes JMP 00000001001c5a42
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!closesocket                         00000000765a3918 5 bytes JMP 00000001001a6a4f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!getaddrinfo                         00000000765a4296 5 bytes JMP 00000001001a68e4
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!WSASend                             00000000765a4406 5 bytes JMP 00000001001a6c8f
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                        00000000765a4889 5 bytes JMP 00000001001a67e5
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!FreeAddrInfoW                       00000000765a4b1b 5 bytes JMP 00000001001a695c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!recv                                00000000765a6b0e 5 bytes JMP 00000001001a6aa6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!send                                00000000765a6f01 5 bytes JMP 00000001001a6c3d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!WSARecv                             00000000765a7089 5 bytes JMP 00000001001a6afe
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!WSAGetOverlappedResult              00000000765a7489 5 bytes JMP 00000001001a6d3b
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WS2_32.dll!gethostbyname                       00000000765b7673 5 bytes JMP 00000001001a69e2
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore                 0000000076671314 5 bytes JMP 00000001001b8f14
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!InternetCloseHandle                0000000076094282 5 bytes JMP 00000001001be6a9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!HttpQueryInfoA                     0000000076097079 5 bytes JMP 00000001001bfa0d
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!HttpQueryInfoW                     00000000760977c2 5 bytes JMP 00000001001bfa31
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!HttpSendRequestW                   0000000076097ca6 5 bytes JMP 00000001001bf193
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable         00000000760a92e9 5 bytes JMP 00000001001bf972
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!InternetReadFile                   00000000760a972b 5 bytes JMP 00000001001bf900
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!InternetReadFileExW                00000000760badd7 5 bytes JMP 00000001001bf94c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!InternetReadFileExA                00000000760bae2e 5 bytes JMP 00000001001bf926
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!HttpSendRequestExW                 00000000760fceff 5 bytes JMP 00000001001bf1d9
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!InternetWriteFile                  00000000760fd06f 5 bytes JMP 00000001001bf35c
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!HttpSendRequestExA                 0000000076163222 5 bytes JMP 00000001001bf1b6
.text   C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4312] C:\windows\syswow64\WININET.dll!HttpSendRequestA                   00000000761632f2 5 bytes JMP 00000001001bf170
.text   C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[5748] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                0000000076fb08fc 5 bytes JMP 0000000103aea8bc
.text   C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[5748] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll                                         0000000076fcc45a 5 bytes JMP 0000000103aeaa99

---- Threads - GMER 2.1 ----

Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2304]                                                      0000000076fe3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2340]                                                      0000000076fe2e25
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2380]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2384]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2396]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2408]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2412]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2432]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2436]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2460]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2484]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2492]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2852]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2856]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2884]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2552]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2244]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2076]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2580]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:2536]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:3232]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:3236]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:3580]                                                      0000000076fe3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:3624]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:3772]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:4784]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:4780]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:5580]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:5584]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:5588]                                                      0000000072cd29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2176:5592]                                                      0000000072cd29e1

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96078B18-58B6-4CD8-ABAC-9A69FF89FB3A}\Connection@Name  isatap.{D01FE7F1-80C0-4EE0-87FB-CBF20339F9BB}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{96078B18-58B6-4CD8-ABAC-9A69FF89FB3A}?\Device\{1BD0792B-12C3-4973-A61A-880323529D06}?\Device\{6A0A686D-2363-42DE-B12C-0FAD587606A8}?\Device\{4465247A-3602-46BF-B8BE-D4CA916C0294}?\Device\{456BE7D5-A055-433A-8402-A9610EF53E7E}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{96078B18-58B6-4CD8-ABAC-9A69FF89FB3A}"?"{1BD0792B-12C3-4973-A61A-880323529D06}"?"{6A0A686D-2363-42DE-B12C-0FAD587606A8}"?"{4465247A-3602-46BF-B8BE-D4CA916C0294}"?"{456BE7D5-A055-433A-8402-A9610EF53E7E}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{96078B18-58B6-4CD8-ABAC-9A69FF89FB3A}?\Device\TCPIP6TUNNEL_{1BD0792B-12C3-4973-A61A-880323529D06}?\Device\TCPIP6TUNNEL_{6A0A686D-2363-42DE-B12C-0FAD587606A8}?\Device\TCPIP6TUNNEL_{4465247A-3602-46BF-B8BE-D4CA916C0294}?\Device\TCPIP6TUNNEL_{456BE7D5-A055-433A-8402-A9610EF53E7E}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532ec8b021                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{96078B18-58B6-4CD8-ABAC-9A69FF89FB3A}@InterfaceName                       isatap.{D01FE7F1-80C0-4EE0-87FB-CBF20339F9BB}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{96078B18-58B6-4CD8-ABAC-9A69FF89FB3A}@ReusableType                        0
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532ec8b021 (not active ControlSet)                                              

---- EOF - GMER 2.1 ----
         
--- --- ---


Alt 26.07.2013, 21:30   #6
M-K-D-B
/// TB-Ausbilder
 
PWS:WIN32/Zbot.gen!AM - Standard

Hi,

Right, now read through my last post and then you can get started.

Alt 26.07.2013, 21:56   #7
nah
 
PWS:WIN32/Zbot.gen!AM - Standard

Combofix Logfile:
Code:
ComboFix 13-07-25.02 - Laptop 26.07.2013  22:42:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3997.2151 [GMT 2:00]
ausgeführt von:: c:\users\Laptop\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\users\Laptop\4.0
c:\users\Laptop\AppData\Local\assembly\tmp
c:\users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp7571.tmp
c:\users\Laptop\AppData\Roaming\Ytodop
c:\users\Laptop\AppData\Roaming\Ytodop\anheif.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-26 bis 2013-07-26  ))))))))))))))))))))))))))))))
.
.
2013-07-26 20:47 . 2013-07-26 20:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-26 19:44 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0189277-E515-4FDB-BA43-D48E57967DFB}\mpengine.dll
2013-07-24 16:16 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 12:57 . 2013-07-17 12:56	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418BEE06-5D30-4FAE-9E15-2918D9190BA5}\gapaengine.dll
2013-07-17 12:45 . 2013-07-17 12:47	--------	d-----w-	c:\program files (x86)\GUM3467.tmp
2013-07-14 13:46 . 2013-06-11 23:25	19238912	----a-w-	c:\windows\system32\mshtml.dll
2013-07-11 13:57 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-11 13:57 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-11 13:57 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-11 13:57 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 13:57 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 13:57 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 13:57 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 13:57 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-11 13:57 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-11 13:57 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-11 13:57 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 13:56 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-11 13:56 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 13:56 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 13:56 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 13:56 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:56 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:56 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-11 13:56 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-06 11:12 . 2013-07-06 11:12	--------	d-----w-	c:\users\Laptop\AppData\Roaming\MathWorks
2013-07-06 10:15 . 2013-07-06 10:15	--------	d-----w-	c:\program files\MATLAB
2013-06-28 15:10 . 2013-06-28 15:10	--------	d-----w-	c:\users\Laptop\restore
2013-06-28 15:05 . 2013-07-01 13:26	--------	d-----w-	c:\programdata\tmp
2013-06-28 15:05 . 2013-06-28 15:05	--------	d-----w-	c:\programdata\hps
2013-06-28 14:57 . 2013-06-28 14:57	--------	d-----w-	c:\program files (x86)\dm
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 17:49 . 2012-07-01 12:11	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 17:49 . 2012-07-01 12:11	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-14 13:50 . 2012-07-01 18:45	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-22 09:50 . 2012-07-03 14:16	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 14:28 . 2013-01-14 14:28	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-13 05:51 . 2013-06-17 06:38	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-17 06:38	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-17 06:38	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-17 06:38	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-17 06:38	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-17 06:38	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-17 06:38	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-17 06:38	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-17 06:38	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-17 06:38	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-17 06:38	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-17 06:38	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-17 06:38	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-06-01 506712]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-10 2750376]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe;c:\windows\SYSNATIVE\irstrtsv.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - AWLOAFOD
*Deregistered* - awloafod
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 13:44	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 17:49]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:40]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-10 12856936]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-10-16 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.2.10
TCP: Interfaces\{25252FCE-7DE2-4452-A90E-1CFDA2D2206E}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\apm8f1pt.default\
FF - prefs.js: network.proxy.ftp - 176.34.71.158
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 176.34.71.158
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 176.34.71.158
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 176.34.71.158
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-FDPRO-516 - c:\program files (x86)\Fighters\FighterLauncher.exe
Wow6432Node-HKCU-Run-Anheif - c:\users\Laptop\AppData\Roaming\Ytodop\anheif.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-BatteryManager - c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-26  22:52:04
ComboFix-quarantined-files.txt  2013-07-26 20:52
.
Before scan: 9 directory(ies), 27.280.240.640 bytes free
After scan: 14 directory(ies), 28.294.316.032 bytes free
.
- - End Of File - - 0AB89DEBE7924A62750C434C823D7DA4

That was what you still wanted, right?
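Added example, not part of the thread and not ComboFix or FRST code: a small Python triage script for report lines in the ComboFix format posted above. It pulls out the three things a reviewer of such a log checks first: the UAC policy values (EnableLUA=0, as in the log above, switches UAC off entirely; ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 drop the prompt and the secure desktop), the Firefox prefs.js proxy entries (with the caveat that network.proxy.type 0 means "no proxy", so configured hosts such as 176.34.71.158 are dormant unless the type is 1), and any executable living under a user's AppData folder, the usual drop location of Zbot-style Run entries such as the orphaned Ytodop\anheif.exe one. The sample lines are constructed here from the report format shown in the thread; the regexes, the RISKY_UAC table and the function names are this example's own assumptions, not ComboFix output fields.

```python
import re

# Constructed sample in the ComboFix report format: a few lines of the kind
# shown in this thread, assembled here for the example (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - prefs.js: network.proxy.http - 176.34.71.158
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 176.34.71.158
FF - prefs.js: network.proxy.type - 0
.
Wow6432Node-HKCU-Run-Anheif - c:\users\Laptop\AppData\Roaming\Ytodop\anheif.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<name>\w+) - (?P<val>\S+)")
# Executables under a user profile's AppData (assumes a user name without spaces).
APPDATA_EXE_RE = re.compile(r"(c:\\users\\[^\\\s]+\\appdata\\\S*?\.exe)", re.IGNORECASE)

# Weak value per UAC policy; 0 is the weak setting for all three (assumed table).
RISKY_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def parse_uac_policies(text):
    """Collect the numeric values listed under the ...\\policies\\system key."""
    values, in_policies = {}, False
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            in_policies = m.group("key").lower().endswith(r"\policies\system")
            continue
        p = POLICY_RE.match(line) if in_policies else None
        if p:
            values[p.group("name")] = int(p.group("val"))
    return values


def uac_findings(policies):
    """Names of UAC policies set to their weak value, in RISKY_UAC order."""
    return [name for name, weak in RISKY_UAC.items() if policies.get(name) == weak]


def firefox_proxy(text):
    """Proxy hosts from the FF prefs.js lines, and whether Firefox actually uses them."""
    prefs = {}
    for line in text.splitlines():
        m = FF_PROXY_RE.match(line)
        if m:
            prefs[m.group("name")] = m.group("val")
    hosts = {prefs[k] for k in ("http", "ssl", "socks", "ftp") if k in prefs}
    remote = sorted(h for h in hosts if not h.startswith(("127.", "localhost")))
    # network.proxy.type: 0 = no proxy, 1 = manual (configured hosts are used),
    # 2 = PAC URL, 4 = auto-detect, 5 = system settings.
    return {"remote_hosts": remote, "type": prefs.get("type"), "active": prefs.get("type") == "1"}


def appdata_executables(text):
    """Every .exe path under a user's AppData, wherever it appears in the report."""
    return sorted({m.group(1) for m in APPDATA_EXE_RE.finditer(text)})


def triage(text):
    """One dict with the three findings a reviewer looks at first."""
    return {
        "uac": uac_findings(parse_uac_policies(text)),
        "proxy": firefox_proxy(text),
        "appdata_exe": appdata_executables(text),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG))
```

To run it over a real report, read the saved ComboFix.txt into a string and pass it to triage(); the result is a plain dict, so it slots into a larger log-review script. The AppData match is a heuristic, not a verdict: a legitimate updater can live there too, so each hit still needs a look at the file's signer and origin.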

Alt 26.07.2013, 21:58   #8
M-K-D-B
/// TB-Ausbilder

PWS:WIN32/Zbot.gen!AM



Hi,

looks good, ComboFix has removed Zbot.

How is your computer running?

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt, and after the first scan also the Addition.txt, in your thread (click the # symbol in the site's input box)

__________________
Greetings from Bavaria
M-K-D-B

Alt 26.07.2013, 22:09   #9
nah

PWS:WIN32/Zbot.gen!AM



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by Laptop (administrator) on 26-07-2013 23:04:30
Running from C:\Users\Laptop\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12856936 2011-09-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-10-16] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] - C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.10
Tcpip\..\Interfaces\{25252FCE-7DE2-4452-A90E-1CFDA2D2206E}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\apm8f1pt.default
FF NetworkProxy: "ftp", "176.34.71.158"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "176.34.71.158"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "176.34.71.158"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "176.34.71.158"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: stealthyextension - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\apm8f1pt.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: No Name - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\apm8f1pt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://hbmwww.da.hbm.com/
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

==================== Services (Whitelisted) =================

R2 irstrtsv; C:\Windows\SysWow64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-08-20] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 23:04 - 2013-07-26 23:04 - 00000000 ____D C:\FRST
2013-07-26 23:03 - 2013-07-26 23:03 - 01780233 _____ (Farbar) C:\Users\Laptop\Desktop\FRST64.exe
2013-07-26 22:52 - 2013-07-26 22:52 - 00024846 _____ C:\ComboFix.txt
2013-07-26 22:41 - 2013-07-26 22:52 - 00000000 ____D C:\ComboFix
2013-07-26 22:41 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-26 22:41 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-26 22:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-26 22:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-26 22:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-26 22:41 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-26 22:41 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-26 22:41 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-26 22:40 - 2013-07-26 22:52 - 00000000 ____D C:\Qoobox
2013-07-26 22:40 - 2013-07-26 22:50 - 00000000 ____D C:\windows\erdnt
2013-07-26 22:37 - 2013-07-26 22:37 - 05093969 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
2013-07-26 22:27 - 2013-07-26 22:27 - 00038996 _____ C:\Users\Laptop\Desktop\GMER.log
2013-07-26 22:20 - 2013-07-26 22:20 - 00377856 _____ C:\Users\Laptop\Desktop\gmer_2.1.19163.exe
2013-07-26 22:13 - 2013-07-26 22:13 - 00082934 _____ C:\Users\Laptop\Desktop\OTL.Txt
2013-07-26 22:13 - 2013-07-26 22:13 - 00075466 _____ C:\Users\Laptop\Downloads\Extras.Txt
2013-07-26 22:13 - 2013-07-26 22:13 - 00075466 _____ C:\Users\Laptop\Desktop\Extras.Txt
2013-07-26 22:12 - 2013-07-26 22:12 - 00082934 _____ C:\Users\Laptop\Downloads\OTL.Txt
2013-07-26 22:07 - 2013-07-26 22:07 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
2013-07-26 22:05 - 2013-07-26 22:06 - 00000474 _____ C:\Users\Laptop\Downloads\defogger_disable.log
2013-07-26 22:05 - 2013-07-26 22:05 - 00050477 _____ C:\Users\Laptop\Downloads\Defogger.exe
2013-07-26 22:05 - 2013-07-26 22:05 - 00000000 _____ C:\Users\Laptop\defogger_reenable
2013-07-26 21:47 - 2013-07-26 21:47 - 00001256 _____ C:\AdwCleaner[R3].txt
2013-07-26 21:42 - 2013-07-26 21:42 - 00001195 _____ C:\AdwCleaner[R2].txt
2013-07-26 21:40 - 2013-07-26 21:40 - 00004478 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:39 - 2013-07-26 21:39 - 00004362 _____ C:\AdwCleaner[R1].txt
2013-07-26 21:39 - 2013-07-26 21:39 - 00000345 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:38 - 2013-07-26 21:38 - 00666633 _____ C:\Users\Laptop\Downloads\adwcleaner06.exe
2013-07-26 21:06 - 2013-07-26 21:06 - 00200795 _____ C:\Users\Laptop\Downloads\firststeps-2013-07-26.zip
2013-07-26 20:25 - 2013-07-26 21:05 - 00006638 _____ C:\Users\Laptop\Downloads\runme.m
2013-07-26 20:24 - 2013-07-26 20:24 - 00001326 _____ C:\Users\Laptop\Downloads\bdrycond_getidx.m
2013-07-26 20:21 - 2013-07-26 20:21 - 00001336 _____ C:\Users\Laptop\Downloads\bdrycond_initialise.m
2013-07-18 19:54 - 2012-07-15 22:20 - 00000000 ____D C:\Users\Laptop\Desktop\fertige Folien
2013-07-17 14:45 - 2013-07-17 14:47 - 00000000 ____D C:\Program Files (x86)\GUM3467.tmp
2013-07-14 15:49 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-14 15:49 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-14 15:49 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-14 15:49 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-14 15:49 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-14 15:49 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-14 15:49 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-14 15:49 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-14 15:49 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-14 15:49 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-14 15:49 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-14 15:49 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-14 15:49 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-14 15:49 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-14 15:49 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-14 15:49 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-14 15:49 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-14 15:49 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-14 15:49 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-14 15:49 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-14 15:49 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-14 15:46 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-14 15:46 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 15:57 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 15:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-11 15:57 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 15:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:56 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 15:56 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-11 15:56 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-06 13:13 - 2013-07-26 21:09 - 00000000 ____D C:\Users\Laptop\Documents\MATLAB
2013-07-06 13:12 - 2013-07-06 13:12 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\MathWorks
2013-07-06 12:35 - 2013-07-06 12:35 - 00001455 _____ C:\Users\Laptop\Downloads\fem_edgemass.m
2013-07-06 12:23 - 2013-07-06 12:23 - 00001366 _____ C:\Users\Laptop\Downloads\fem_curlcurl.m
2013-07-06 12:16 - 2013-07-06 12:16 - 00000886 _____ C:\Users\Laptop\Downloads\fem_curl.m
2013-07-06 12:15 - 2013-07-06 12:15 - 00000000 ____D C:\Program Files\MATLAB
2013-07-06 12:12 - 2013-07-06 12:12 - 00001395 _____ C:\Users\Laptop\Downloads\feh_divgrad.m
2013-07-04 19:32 - 2013-07-04 19:37 - 00000000 ____D C:\Users\Laptop\Desktop\MM_R2013a
2013-07-04 18:07 - 2013-07-04 19:14 - 00000000 ____D C:\Users\Laptop\Desktop\Hochzeit_Fotograf
2013-07-04 18:02 - 2013-07-04 18:03 - 00000000 ____D C:\Users\Laptop\Desktop\Hochzeit
2013-07-03 13:48 - 2013-07-06 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 17:10 - 2013-06-28 17:10 - 00000000 ____D C:\Users\Laptop\restore
2013-06-28 17:05 - 2013-07-01 15:26 - 00000000 ____D C:\ProgramData\tmp
2013-06-28 17:05 - 2013-06-28 17:05 - 00000000 ____D C:\ProgramData\hps
2013-06-28 16:57 - 2013-06-28 16:57 - 00000000 ____D C:\Program Files (x86)\dm

==================== One Month Modified Files and Folders =======

2013-07-26 23:04 - 2013-07-26 23:04 - 00000000 ____D C:\FRST
2013-07-26 23:03 - 2013-07-26 23:03 - 01780233 _____ (Farbar) C:\Users\Laptop\Desktop\FRST64.exe
2013-07-26 23:01 - 2011-10-16 22:40 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 23:01 - 2010-11-21 05:47 - 00023522 _____ C:\windows\PFRO.log
2013-07-26 23:01 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-26 23:01 - 2009-07-14 06:51 - 00076594 _____ C:\windows\setupact.log
2013-07-26 23:00 - 2012-03-23 07:59 - 01622658 _____ C:\windows\WindowsUpdate.log
2013-07-26 22:52 - 2013-07-26 22:52 - 00024846 _____ C:\ComboFix.txt
2013-07-26 22:52 - 2013-07-26 22:41 - 00000000 ____D C:\ComboFix
2013-07-26 22:52 - 2013-07-26 22:40 - 00000000 ____D C:\Qoobox
2013-07-26 22:50 - 2013-07-26 22:40 - 00000000 ____D C:\windows\erdnt
2013-07-26 22:50 - 2011-10-16 22:40 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 22:49 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-07-26 22:47 - 2012-07-01 12:09 - 00000000 ____D C:\Users\Laptop
2013-07-26 22:37 - 2013-07-26 22:37 - 05093969 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
2013-07-26 22:28 - 2012-11-05 13:52 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 22:27 - 2013-07-26 22:27 - 00038996 _____ C:\Users\Laptop\Desktop\GMER.log
2013-07-26 22:20 - 2013-07-26 22:20 - 00377856 _____ C:\Users\Laptop\Desktop\gmer_2.1.19163.exe
2013-07-26 22:13 - 2013-07-26 22:13 - 00082934 _____ C:\Users\Laptop\Desktop\OTL.Txt
2013-07-26 22:13 - 2013-07-26 22:13 - 00075466 _____ C:\Users\Laptop\Downloads\Extras.Txt
2013-07-26 22:13 - 2013-07-26 22:13 - 00075466 _____ C:\Users\Laptop\Desktop\Extras.Txt
2013-07-26 22:12 - 2013-07-26 22:12 - 00082934 _____ C:\Users\Laptop\Downloads\OTL.Txt
2013-07-26 22:07 - 2013-07-26 22:07 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
2013-07-26 22:06 - 2013-07-26 22:05 - 00000474 _____ C:\Users\Laptop\Downloads\defogger_disable.log
2013-07-26 22:05 - 2013-07-26 22:05 - 00050477 _____ C:\Users\Laptop\Downloads\Defogger.exe
2013-07-26 22:05 - 2013-07-26 22:05 - 00000000 _____ C:\Users\Laptop\defogger_reenable
2013-07-26 21:49 - 2009-07-14 06:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 21:49 - 2009-07-14 06:45 - 00024400 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 21:47 - 2013-07-26 21:47 - 00001256 _____ C:\AdwCleaner[R3].txt
2013-07-26 21:47 - 2011-02-11 10:21 - 00714918 _____ C:\windows\system32\perfh007.dat
2013-07-26 21:47 - 2011-02-11 10:21 - 00154934 _____ C:\windows\system32\perfc007.dat
2013-07-26 21:47 - 2009-07-14 07:13 - 01655186 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-26 21:42 - 2013-07-26 21:42 - 00001195 _____ C:\AdwCleaner[R2].txt
2013-07-26 21:40 - 2013-07-26 21:40 - 00004478 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:39 - 2013-07-26 21:39 - 00004362 _____ C:\AdwCleaner[R1].txt
2013-07-26 21:39 - 2013-07-26 21:39 - 00000345 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:38 - 2013-07-26 21:38 - 00666633 _____ C:\Users\Laptop\Downloads\adwcleaner06.exe
2013-07-26 21:27 - 2012-11-20 11:47 - 00000000 ____D C:\Users\Laptop\AppData\Local\TSVNCache
2013-07-26 21:09 - 2013-07-06 13:13 - 00000000 ____D C:\Users\Laptop\Documents\MATLAB
2013-07-26 21:06 - 2013-07-26 21:06 - 00200795 _____ C:\Users\Laptop\Downloads\firststeps-2013-07-26.zip
2013-07-26 21:06 - 2012-10-23 22:31 - 00000000 ____D C:\Users\Laptop\Documents\Niko
2013-07-26 21:05 - 2013-07-26 20:25 - 00006638 _____ C:\Users\Laptop\Downloads\runme.m
2013-07-26 20:24 - 2013-07-26 20:24 - 00001326 _____ C:\Users\Laptop\Downloads\bdrycond_getidx.m
2013-07-26 20:21 - 2013-07-26 20:21 - 00001336 _____ C:\Users\Laptop\Downloads\bdrycond_initialise.m
2013-07-18 19:51 - 2012-07-01 13:35 - 00000000 ____D C:\Users\Laptop\AppData\Local\Adobe
2013-07-18 19:49 - 2012-11-05 13:52 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-18 19:49 - 2012-07-01 14:11 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-18 19:49 - 2012-07-01 14:11 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-17 14:47 - 2013-07-17 14:45 - 00000000 ____D C:\Program Files (x86)\GUM3467.tmp
2013-07-17 14:45 - 2011-10-16 22:40 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-17 14:45 - 2011-10-16 22:40 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 15:59 - 2013-03-13 23:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 15:59 - 2013-03-13 23:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-14 15:59 - 2009-07-14 06:45 - 00416448 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-14 15:57 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 15:57 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 15:57 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 15:50 - 2012-07-01 20:45 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-14 15:50 - 2012-07-01 16:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 16:25 - 2012-11-04 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 13:12 - 2013-07-06 13:12 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\MathWorks
2013-07-06 12:35 - 2013-07-06 12:35 - 00001455 _____ C:\Users\Laptop\Downloads\fem_edgemass.m
2013-07-06 12:23 - 2013-07-06 12:23 - 00001366 _____ C:\Users\Laptop\Downloads\fem_curlcurl.m
2013-07-06 12:16 - 2013-07-06 12:16 - 00000886 _____ C:\Users\Laptop\Downloads\fem_curl.m
2013-07-06 12:15 - 2013-07-06 12:15 - 00000000 ____D C:\Program Files\MATLAB
2013-07-06 12:12 - 2013-07-06 12:12 - 00001395 _____ C:\Users\Laptop\Downloads\feh_divgrad.m
2013-07-06 10:55 - 2013-07-03 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 19:37 - 2013-07-04 19:32 - 00000000 ____D C:\Users\Laptop\Desktop\MM_R2013a
2013-07-04 19:14 - 2013-07-04 18:07 - 00000000 ____D C:\Users\Laptop\Desktop\Hochzeit_Fotograf
2013-07-04 18:03 - 2013-07-04 18:02 - 00000000 ____D C:\Users\Laptop\Desktop\Hochzeit
2013-07-03 13:02 - 2012-10-29 11:53 - 00000000 ____D C:\Users\Laptop\Documents\Visual Studio 2008
2013-07-01 15:26 - 2013-06-28 17:05 - 00000000 ____D C:\ProgramData\tmp
2013-07-01 12:18 - 2013-03-25 11:25 - 00000000 ____D C:\Users\Laptop\AppData\Local\Paint.NET
2013-06-28 17:10 - 2013-06-28 17:10 - 00000000 ____D C:\Users\Laptop\restore
2013-06-28 17:05 - 2013-06-28 17:05 - 00000000 ____D C:\ProgramData\hps
2013-06-28 16:57 - 2013-06-28 16:57 - 00000000 ____D C:\Program Files (x86)\dm

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-06 21:26

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2013 01
Ran by Laptop at 2013-07-26 23:05:07
Running from C:\Users\Laptop\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.13(T))
Citavi (x32 Version: 3.2.0.0)
CMake 2.8, a cross-platform, open-source build system (x32 Version: 2.8.10.1)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Crystal Reports Basic for Visual Studio 2008 (x32 Version: 10.5.0.0)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (x32 Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
EPSON BX525WD Series Handbuch (x32)
EPSON BX525WD Series Netzwerk-Handbuch (x32)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.5.00)
EpsonNet Setup 3.3 (x32 Version: 3.3b)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
GPL Ghostscript (Version: 9.06)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (x32 Version: 1)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Identity Protection Technology 1.2.18.0 (x32 Version: 1.2.18.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Network Connections Drivers (Version: 16.5)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2509)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel(R) Rapid Start Technology (x32 Version: 1.0.0.1008)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel(R) WiDi (x32 Version: 2.1.41.0)
Intel(R) Wireless Display
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
MATLAB R2013a (Version: 8.1)
Microsoft .NET Compact Framework 2.0 SP2 (x32 Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (x32 Version: 3.5.7283)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32)
Microsoft Document Explorer 2008 Language Pack - DEU (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 Language Pack - DEU (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (German) 2007 (x32 Version: 12.0.4518.1066)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (x32 Version: 1.2.0.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32 Version: 8.0.50727.42)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32 Version: 9.0.21022)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32)
Microsoft Visual Studio 2008 Remote Debugger - DEU
Microsoft Visual Studio 2008 Remote Debugger - DEU (Version: 9.0.21022)
Microsoft Visual Studio Web Authoring Component (x32 Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
ON BX525WD Series Printer Uninstall
OpenVPN 2.1.3 (x32 Version: 2.1.3)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF Blender (x32)
PDFCreator (x32 Version: 1.2.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PsychoPy2 1.74.01 (x32 Version: 1.74.01)
Qt OpenSource 4.8.3 (x32 Version: 4.8.3)
Qt Visual Studio Add-in 1.1.11 (x32 Version: 1.1.11)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6458)
RedMon - Redirection Port Monitor
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0)
RICOH Media Driver v2.15.17.02 (x32 Version: 2.15.17.02)
Secure Download Manager (x32 Version: 3.1.0)
Skype™ 6.0 (x32 Version: 6.0.120)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Bulletin Board (Version: 2.1.17.64)
TOSHIBA Bulletin Board (x32 Version: 2.1.17.64)
TOSHIBA ConfigFree (x32 Version: 8.0.42)
TOSHIBA eco Utility (Version: 1.3.7.64)
TOSHIBA Face Recognition (Version: 3.1.18.64)
TOSHIBA Face Recognition (x32 Version: 3.1.18.64)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Manuals (x32 Version: 10.03)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.6)
TOSHIBA Online Product Information (x32 Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.11.64)
TOSHIBA Places Icon Utility (x32 Version: 1.0.2.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2003)
TOSHIBA Security Assist (x32 Version: 2.0.9)
TOSHIBA Service Station (x32 Version: 2.2.13)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.9)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.6.9.64)
TOSHIBA Value Added Package (x32 Version: 1.6.9.64)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.29)
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.5)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2007 System (KB2539530) (x32)
Update for Microsoft Office OneNote 2007 (KB980729) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
VC Runtimes MSI (x32 Version: 9.0.21022)
VirtualCloneDrive (x32)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU (x32 Version: 9.0.21022)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Mobile 5.0 SDK R2 for Pocket PC (x32 Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (x32 Version: 5.00.1700.5.14343.06)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

10-07-2013 12:12:09 Windows Update
14-07-2013 13:37:41 Windows Update
18-07-2013 16:35:42 Windows Update
22-07-2013 15:17:20 Windows Update
26-07-2013 06:33:06 Windows Update
26-07-2013 18:31:23 Removed TortoiseSVN 1.7.10.23359 (64 bit)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-26 22:49 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3E26DDD4-10B2-477D-8DAF-C596994ACE8C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {745C277F-33CE-4B9F-A6A7-17EE2D81F6B3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18] (Adobe Systems Incorporated)
Task: {7F608F99-39E5-452C-B0CF-DAF3CB6ACFC7} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-26] (TOSHIBA CORPORATION)
Task: {853D637D-E431-407D-8194-77A79D590DDD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B6FB86D0-F13C-4077-ABA9-DE2C53B55D46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16] (Google Inc.)
Task: {B8DDAD38-C251-44DC-AB7F-E24E34382C65} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {F41FA04C-6737-46E5-940B-375FEA1E3A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16] (Google Inc.)
Task: {F7C7175B-A942-4008-B8BA-354F1ED183DC} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-16] (TOSHIBA CORPORATION)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2013 11:01:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 10:39:21 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe, version 22.0.0.4917, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 148

Start time: 01ce8a3896a29e80

End time: 47

Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report ID: 6ec3ac95-f633-11e2-aa4e-e8e0b7a49e57

Error: (07/26/2013 09:42:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 09:28:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 06:34:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 06:18:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 05:48:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 08:21:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 04:24:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 01:31:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/26/2013 11:01:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Microsoft Antimalware Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (07/26/2013 11:01:11 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/26/2013 10:59:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (07/26/2013 10:49:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2013 10:46:53 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/26/2013 10:44:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2013 06:34:06 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.155.831.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/26/2013 06:34:06 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.155.831.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/24/2013 06:05:10 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎23.‎07.‎2013 um 12:30:35 unerwartet heruntergefahren.

Error: (07/22/2013 05:06:33 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎18.‎07.‎2013 um 20:33:56 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-26 22:46:53.334
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-26 22:46:53.287
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 3996.55 MB
Available physical RAM: 1820.4 MB
Total Pagefile: 7991.28 MB
Available Pagefile: 5722.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI30818500C) (Fixed) (Total:96.84 GB) (Free:26.27 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 1648E22D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=13 GB) - (Type=17)

==================== End Of Log ============================
         
--- --- ---

Hey,
after a restart just now, Essentials hasn't complained again yet.
Looks like it's fine..

What do you say?
Regards
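The FRST excerpt above is the log posted with this reply. As an added example that is neither part of the thread nor FRST's own code, here is a small Python parser for two of its sections, the Task: lines and the Event log errors block, with a triage heuristic that lists scheduled tasks whose action runs from outside C:\Windows or the Program Files directories. The sample input is built from lines of the log above plus one constructed task line with a placeholder user name; the regular expressions and the trusted-directory list are the example's own assumptions, not documented FRST format.

```python
"""Added example (not from the thread, not from FRST): parse the 'Task:' lines
and the 'Event log errors' section of an FRST log excerpt and apply a simple
triage heuristic to the task actions. Assumed format: what the posted log shows."""
import re
from collections import Counter

# Constructed sample: lines copied from the posted log plus one made-up task
# (ExampleUpdater, placeholder user name EXAMPLE) so the heuristic has a hit.
SAMPLE = r"""Task: {B6FB86D0-F13C-4077-ABA9-DE2C53B55D46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16] (Google Inc.)
Task: {B8DDAD38-C251-44DC-AB7F-E24E34382C65} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Users\EXAMPLE\AppData\Local\Temp\updater.exe

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2013 11:01:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 10:39:21 PM) (Source: Application Hang) (User: )
Description: (firefox.exe hang, text shortened)

System errors:
=============
Error: (07/26/2013 11:01:15 PM) (Source: Service Control Manager) (User: )
Description: (Microsoft Antimalware Service shutdown error, text shortened)

Error: (07/26/2013 10:49:43 PM) (Source: Service Control Manager) (User: )
Description: (PEVSystemStart interactive service warning, text shortened)
"""

# One task per line: optional GUID, task name, '=>', action path, then an
# optional '[YYYY-MM-DD]' file date and an optional '(publisher)' as FRST prints them.
TASK_RE = re.compile(
    r"^Task: (?:(?P<id>\{[0-9A-F-]+\}) - )?(?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^()]*)\))?[ \t]*$",
    re.MULTILINE,
)
ERROR_RE = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\)", re.MULTILINE)

# Assumption of this example: actions under these roots get no extra attention;
# anything else (AppData, Temp, user profiles) is worth a manual look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_tasks(text):
    """Return one dict per 'Task:' line with name, action path, date and publisher."""
    tasks = []
    for m in TASK_RE.finditer(text):
        target = m.group("target")
        tasks.append({
            "name": m.group("name"),
            "target": target,
            "date": m.group("date"),
            "publisher": m.group("publisher"),
            "trusted_path": target.lower().startswith(TRUSTED_PREFIXES),
        })
    return tasks


def flag_tasks(tasks):
    """Tasks whose action lives outside the trusted roots: a triage hint, not a verdict."""
    return [t for t in tasks if not t["trusted_path"]]


def count_error_sources(text):
    """Count event-log error entries by their (Source: ...) field."""
    return Counter(m.group("source") for m in ERROR_RE.finditer(text))


if __name__ == "__main__":
    tasks = parse_tasks(SAMPLE)
    for t in tasks:
        mark = "" if t["trusted_path"] else "  <-- outside trusted dirs, check manually"
        who = t["publisher"] or "no publisher recorded"
        print(f"{t['name']} -> {t['target']} ({who}){mark}")
    for src, n in count_error_sources(SAMPLE).most_common():
        print(f"{n:2d}x {src}")
```

On the log in this thread every task action sits under Program Files or C:\windows, so only the constructed ExampleUpdater line is listed; the repeated WinMgmt entries are the noisy WMI query error and the Service Control Manager entries come from the ComboFix run, which is why counting by source is a quicker first read than scanning the entries one by one.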

Old 26.07.2013, 22:11   #10
M-K-D-B
/// TB-Ausbilder

PWS:WIN32/Zbot.gen!AM



Hi,

we'll remove the last remnants and check everything once more:


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.





Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.






Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.





Please post with your next reply
  • the OTL log file,
  • the MBAM log file,
  • the ESET log file,
  • the SecurityCheck log file.
__________________
Greetings from Bavaria
M-K-D-B

Old 29.07.2013, 21:15   #11
M-K-D-B
/// TB-Ausbilder

PWS:WIN32/Zbot.gen!AM

No response
This thread has been removed from my subscriptions. So I no longer receive notifications about new replies.
PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
__________________
Greetings from Bavaria
M-K-D-B
