Dosferatu | 17.03.2013 22:26 | Hier mal der Log von Gmer: Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 22:12:15
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0040 298.09GB
Running: zx8t8m44.exe; Driver: C:\DOKUME~1\****\LOKALE~1\Temp\fwdiqpod.sys
---- System - GMER 2.1 ----
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateFile [0xA869E3C4]
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateProcess [0xA869CF7C]
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateProcessEx [0xA869CFAC]
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateThread [0xA869CFDC]
SSDT \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys ZwOpenProcess [0xA6866C4C]
SSDT \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys ZwOpenThread [0xA6866D3C]
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwSetSystemInformation [0xA869E51C]
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwTerminateProcess [0xA869DD0A]
SSDT \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwWriteVirtualMemory [0xA869DF60]
Code \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys KeInsertQueueApc
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeInsertQueueApc 804FC4E6 5 Bytes JMP A6869050 \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
.text C:\WINDOWS\system32\drivers\tos_sps32.sys section is writeable [0xB9CC1480, 0x3C939, 0xE8000020]
.dsrt C:\WINDOWS\system32\drivers\tos_sps32.sys unknown last section [0xB9D02900, 0x3CA, 0x48000040]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[1188] ntdll.dll!DbgBreakPoint 7C91120E 1 Byte [90]
.text C:\WINDOWS\system32\SearchIndexer.exe[3008] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 2.1 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tdi_nf.sys (Firewall TDIL driver/Norman ASA)
Device \Driver\iaStor \Device\Dev_ffffffff8ac8a030 8533079A
AttachedDevice \Driver\Tcpip \Device\Tcp tdi_nf.sys (Firewall TDIL driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\Udp tdi_nf.sys (Firewall TDIL driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\RawIp tdi_nf.sys (Firewall TDIL driver/Norman ASA)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
---- Modules - GMER 2.1 ----
Module (noname) (*** hidden *** ) 852F0000-853BE000 (843776 bytes)
---- Threads - GMER 2.1 ----
Thread System [4:2080] 853339F2
---- EOF - GMER 2.1 ---- Der Log von OLT folgt
Und hier noch die OTL Logs:
OTL: Code:
OTL logfile created on: 18.03.2013 08:23:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.70% Memory free
5.64 Gb Paging File | 5.05 Gb Available in Paging File | 89.59% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.09 Gb Total Space | 209.11 Gb Free Space | 70.15% Space Free | Partition Type: NTFS
Computer Name: LAPWOLFGANG | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.17 20:13:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2013.02.04 11:20:31 | 000,350,560 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\zlh.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.12.03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2012.09.18 04:15:02 | 000,041,352 | ---- | M] (Mindjet) -- C:\Programme\Mindjet\MindManager 11\MmReminderService.exe
PRC - [2012.06.28 12:08:14 | 000,287,312 | ---- | M] (Norman ASA) -- C:\Programme\Norman\nvc\bin\nvcoas.exe
PRC - [2012.06.26 10:08:46 | 000,288,104 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Nse\Bin\nsesvc.exe
PRC - [2012.05.14 14:11:20 | 000,356,904 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npf\Bin\npfsvc32.exe
PRC - [2012.05.10 09:17:05 | 000,793,520 | ---- | M] () -- C:\Programme\Norman\nvc\bin\nhs.exe
PRC - [2012.02.13 16:01:55 | 000,431,320 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\zanda.exe
PRC - [2012.02.03 10:13:36 | 000,116,056 | ---- | M] () -- C:\Programme\Norman\Npm\Bin\njeeves.exe
PRC - [2012.01.18 13:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.14 10:27:02 | 000,231,216 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Ngs\Bin\nnf.exe
PRC - [2011.10.24 10:59:21 | 000,076,232 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe
PRC - [2011.10.19 12:07:18 | 000,100,936 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\nvoy.exe
PRC - [2011.09.30 14:32:08 | 000,090,144 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Ngs\Bin\nprosec.exe
PRC - [2011.04.11 13:42:33 | 000,084,392 | ---- | M] () -- C:\Programme\Norman\Npc\Bin\nuaa.exe
PRC - [2011.04.11 13:34:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Programme\Norman\nvc\bin\cclaw.exe
PRC - [2011.04.11 10:38:22 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Programme\Norman\Npm\Bin\scheduler.exe
PRC - [2008.09.03 15:20:14 | 003,152,384 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Programme\TrueSuite Access Manager\PwdBank.exe
PRC - [2008.09.03 12:47:00 | 000,712,704 | ---- | M] (AuthenTec, Inc) -- C:\Programme\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008.09.03 12:47:00 | 000,131,072 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2008.09.02 06:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\WINDOWS\system32\TAMSvr.exe
PRC - [2008.07.25 14:41:56 | 000,094,208 | ---- | M] () -- C:\Programme\TrueSuite Access Manager\usbnotify.exe
PRC - [2008.06.10 08:35:50 | 000,872,448 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Prog\LiveUpdTray.exe
PRC - [2008.06.10 08:35:40 | 000,172,032 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Prog\LiveUpdService.exe
PRC - [2008.06.04 16:06:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.05.27 12:12:44 | 000,451,944 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TPHM\TPCHWMsg.exe
PRC - [2008.05.27 12:12:18 | 000,628,072 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TPHM\TPCHSrv.exe
PRC - [2008.05.19 11:01:38 | 000,086,016 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TME3\TMERzCtl.exe
PRC - [2008.05.08 09:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008.05.05 14:19:16 | 000,552,312 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008.04.29 09:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.04.23 13:23:48 | 000,147,456 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Servers\LicMon.exe
PRC - [2008.04.23 13:23:36 | 000,090,112 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Security\SvcCtrl.exe
PRC - [2008.04.23 13:21:42 | 000,212,992 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Security\SPISLMGR.exe
PRC - [2008.04.23 13:21:26 | 000,274,432 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Servers\LicSrv.exe
PRC - [2008.04.22 10:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 18:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.14 22:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 18:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.03.27 08:19:44 | 000,446,464 | ---- | M] (Sage Schweiz AG) -- C:\CashMan\CashMan Salary\Servers\UsrMgmS.exe
PRC - [2008.01.16 08:28:20 | 000,262,144 | ---- | M] (Anoto AB) -- C:\Programme\C-CHANNEL\PayPen\PayPen.exe
PRC - [2008.01.15 09:28:14 | 000,049,152 | ---- | M] () -- C:\Programme\C-CHANNEL\PayPen\CPenOCR.exe
PRC - [2008.01.15 09:23:56 | 000,184,320 | ---- | M] (Anoto AB) -- C:\Programme\C-CHANNEL\PayPen\CPenDesk.exe
PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007.11.21 09:27:28 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007.10.05 09:08:10 | 000,172,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2007.09.28 15:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007.05.11 11:02:12 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
PRC - [2007.04.26 10:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006.08.11 06:57:00 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006.08.09 18:48:08 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006.05.19 11:13:00 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006.04.10 18:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006.03.16 12:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006.01.19 19:51:20 | 000,118,784 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TME3\TMESRV31.exe
PRC - [2006.01.13 11:01:28 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005.08.08 14:11:26 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\DualPointUtility\TEDTray.exe
PRC - [2005.04.12 09:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005.01.17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004.12.28 16:37:40 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TME3\TMEEJME.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.10 19:23:37 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cb2d6a3a\mscorlib.dll
MOD - [2013.01.10 19:23:35 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_72016284\system.drawing.dll
MOD - [2013.01.10 19:23:17 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6a66b188\system.windows.forms.dll
MOD - [2013.01.10 19:22:48 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_9ddab92b\system.dll
MOD - [2013.01.10 19:22:27 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013.01.10 19:22:25 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013.01.10 19:22:21 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.09.18 04:14:22 | 000,151,408 | ---- | M] () -- C:\Programme\Mindjet\MindManager 11\zlib.dll
MOD - [2012.05.10 09:17:05 | 000,793,520 | ---- | M] () -- C:\Programme\Norman\nvc\bin\nhs.exe
MOD - [2012.02.03 10:13:36 | 000,116,056 | ---- | M] () -- C:\Programme\Norman\Npm\Bin\njeeves.exe
MOD - [2011.09.02 12:37:13 | 000,235,888 | ---- | M] () -- C:\Programme\Norman\Npm\Bin\noemrc.dll
MOD - [2011.04.11 13:42:33 | 000,084,392 | ---- | M] () -- C:\Programme\Norman\Npc\Bin\nuaa.exe
MOD - [2011.04.11 08:23:56 | 000,169,376 | ---- | M] () -- C:\Programme\Norman\nvc\bin\ndlg.dll
MOD - [2011.02.14 09:35:39 | 001,069,048 | ---- | M] () -- C:\Programme\Norman\Npm\Bin\libxml2.dll
MOD - [2010.10.18 11:05:24 | 010,896,384 | ---- | M] () -- C:\Programme\Norman\Npm\Bin\nqtcore4.dll
MOD - [2009.09.03 12:10:48 | 000,210,432 | ---- | M] () -- C:\Programme\Norman\Npm\Bin\lua.dll
MOD - [2009.03.02 10:33:58 | 003,144,192 | ---- | M] () -- C:\Programme\PixiePack Codec Pack\ffdshow.ax
MOD - [2008.07.25 14:41:56 | 000,094,208 | ---- | M] () -- C:\Programme\TrueSuite Access Manager\usbnotify.exe
MOD - [2008.07.21 13:39:07 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.08 09:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008.04.14 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.01.15 09:28:14 | 000,049,152 | ---- | M] () -- C:\Programme\C-CHANNEL\PayPen\CPenOCR.exe
MOD - [2008.01.15 09:28:12 | 000,114,688 | ---- | M] () -- C:\Programme\C-CHANNEL\PayPen\CPenOCR.dll
MOD - [2006.01.11 11:26:28 | 000,897,099 | ---- | M] () -- C:\Programme\C-CHANNEL\PayPen\RFFTW2dll.dll
MOD - [2005.07.22 20:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2005.01.06 17:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.09.16 13:43:01 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Norman\Npm\bin\NVCSCHED.EXE -- (NVCScheduler)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.28 12:08:14 | 000,287,312 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Programme\Norman\nvc\bin\nvcoas.exe -- (nvcoas)
SRV - [2012.06.26 10:08:46 | 000,288,104 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Programme\Norman\Nse\Bin\nsesvc.exe -- (nsesvc)
SRV - [2012.05.14 14:11:20 | 000,356,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programme\Norman\Npf\Bin\npfsvc32.exe -- (NPFSvc32)
SRV - [2012.05.10 09:17:05 | 000,793,520 | ---- | M] () [Auto | Running] -- C:\Programme\Norman\nvc\bin\nhs.exe -- (NHS)
SRV - [2012.02.13 16:01:55 | 000,431,320 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programme\Norman\Npm\Bin\zanda.exe -- (Norman ZANDA)
SRV - [2012.02.03 10:13:36 | 000,116,056 | ---- | M] () [On_Demand | Running] -- C:\Programme\Norman\Npm\Bin\njeeves.exe -- (Norman NJeeves)
SRV - [2011.11.14 10:27:02 | 000,231,216 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programme\Norman\Ngs\Bin\nnf.exe -- (NNFSVC)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.24 10:59:21 | 000,076,232 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programme\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2011.10.19 12:07:18 | 000,100,936 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programme\Norman\Npm\Bin\nvoy.exe -- (NVOY)
SRV - [2011.09.30 14:32:08 | 000,090,144 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programme\Norman\Ngs\Bin\nprosec.exe -- (NPROSECSVC)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.11 13:42:33 | 000,084,392 | ---- | M] () [On_Demand | Running] -- C:\Programme\Norman\Npc\Bin\nuaa.exe -- (NUAA)
SRV - [2011.04.11 10:38:22 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Programme\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.01.29 16:54:44 | 000,102,400 | ---- | M] (PacketVideo) [Auto | Stopped] -- C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe -- (TwonkyMedia)
SRV - [2008.09.03 12:47:00 | 000,131,072 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2008.09.02 06:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\WINDOWS\system32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008.06.10 08:35:40 | 000,172,032 | ---- | M] (Sage Schweiz AG) [Auto | Running] -- C:\CashMan\CashMan Salary\Prog\LiveUpdService.exe -- (Sesam LiveUpdate Service)
SRV - [2008.06.04 16:06:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.05.27 12:12:18 | 000,628,072 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2008.05.05 14:19:16 | 000,552,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2008.04.23 13:23:36 | 000,090,112 | ---- | M] (Sage Schweiz AG) [Auto | Running] -- C:\CashMan\CashMan Salary\Security\SvcCtrl.exe -- (SESAM Service Agent)
SRV - [2008.04.23 13:21:42 | 000,212,992 | ---- | M] (Sage Schweiz AG) [Auto | Running] -- C:\CashMan\CashMan Salary\Security\SPISLMGR.exe -- (Sesam Licence Manager)
SRV - [2008.04.23 13:21:26 | 000,274,432 | ---- | M] (Sage Schweiz AG) [Auto | Running] -- C:\CashMan\CashMan Salary\Servers\LicSrv.exe -- (Sesam Licence Server)
SRV - [2008.04.11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.03.27 08:19:44 | 000,446,464 | ---- | M] (Sage Schweiz AG) [Auto | Running] -- C:\CashMan\CashMan Salary\Servers\UsrMgmS.exe -- (Sesam User Management Server)
SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.01.19 19:51:20 | 000,118,784 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Programme\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005.01.17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004.10.22 01:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HECI.sys -- (HECI)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.08.16 10:26:03 | 000,046,816 | ---- | M] (Norman ASA) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.02.24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.12.02 10:43:21 | 000,053,160 | ---- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\Programme\Norman\Ngs\Bin\nnetsecc.sys -- (NNetSecC)
DRV - [2011.11.11 15:52:31 | 000,061,496 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Programme\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2011.11.11 15:48:19 | 000,091,136 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Programme\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2011.11.11 15:29:52 | 000,457,048 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tdi_nf.sys -- (tdi_nf)
DRV - [2011.08.26 10:03:28 | 000,053,928 | ---- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nnetsec.sys -- (nnetsec)
DRV - [2011.08.17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.07.12 12:36:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2010.12.09 10:48:03 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Programme\Norman\Nse\Bin\ndiskio.sys -- (Ndiskio)
DRV - [2009.03.27 03:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008.11.17 14:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.14 08:52:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2008.07.25 14:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.23 22:12:14 | 000,072,232 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshgps.sys -- (toshgps)
DRV - [2008.07.08 19:04:10 | 000,402,816 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshunic.sys -- (toshunic)
DRV - [2008.07.08 19:04:08 | 000,430,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdm2.sys -- (toshmdm2)
DRV - [2008.07.08 19:04:08 | 000,385,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdm.sys -- (toshmdm)
DRV - [2008.07.08 19:04:08 | 000,376,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshcard.sys -- (toshcard)
DRV - [2008.07.08 19:04:08 | 000,300,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshbus.sys -- (toshbus)
DRV - [2008.07.08 19:04:08 | 000,025,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshnd5.sys -- (toshnd5)
DRV - [2008.07.08 19:04:08 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdfl2.sys -- (toshmdfl2)
DRV - [2008.07.08 19:04:08 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdfl.sys -- (toshmdfl)
DRV - [2008.07.02 10:18:18 | 000,024,232 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshscard.sys -- (Sony_EricssonWWSC)
DRV - [2008.06.04 15:32:58 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.04.30 20:09:24 | 000,004,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2008.04.23 16:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2008.04.09 17:01:16 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.03.25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 10:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.02.15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.25 12:28:48 | 000,039,040 | ---- | M] (Anoto AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pendfu.sys -- (pendfu)
DRV - [2008.01.22 19:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.14 10:33:46 | 000,018,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PayPen.sys -- (PayPen)
DRV - [2008.01.11 21:58:00 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2007.12.24 08:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.09.04 09:14:00 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 06:59:12 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.03.26 11:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007.02.22 14:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007.02.21 17:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007.02.19 11:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007.02.15 15:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.10.23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005.01.07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.06.16 10:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004.05.08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003.01.29 13:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8DFF64ED-47D8-4660-B00C-49BBD0C2F2E8}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Dokumente und Einstellungen/***/Eigene Dateien/Radiotracker/Temp/RT/WebRip/profile/rrproxy_ie_4ac791bf.pac
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Dokumente und Einstellungen/***/Eigene Dateien/Radiotracker/Temp/RT/WebRip/profile/rrproxy_ie_4ac791bf.pac
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 FA 73 45 D5 D0 CB 01 [binary data]
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\SearchScopes\{8AF9746C-0668-4031-8E11-E1BD10755C97}: "URL" =
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8DFF64ED-47D8-4660-B00C-49BBD0C2F2E8}
IE - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic ES Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?barid={8DFF64ED-47D8-4660-B00C-49BBD0C2F2E8}"
FF - prefs.js..extensions.enabledItems: fe_3.5@nokia.com:1.7.56.205
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.2
FF - prefs.js..extensions.enabledItems: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}:2.0.3.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.imesh.com/webResults.html?src=ffb&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.5@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.5 [2012.01.05 21:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.01 20:31:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.01 20:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012.01.05 21:08:21 | 000,000,000 | ---D | M]
[2009.09.03 13:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2013.03.01 20:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\extensions
[2009.10.12 17:12:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.12 17:08:13 | 000,000,000 | ---D | M] (Softonic ES Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\extensions\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}
[2012.01.05 22:05:22 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.05.07 14:30:54 | 000,000,884 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\searchplugins\conduit.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\searchplugins\iMeshWebSearch.xml
[2012.01.05 22:05:26 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\searchplugins\SweetIM Search.xml
[2012.01.05 22:05:18 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cu4tqb35.default\searchplugins\sweetim.xml
[2013.01.21 20:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.24 19:50:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.09.03 15:15:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2012.06.26 17:45:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\CU4TQB35.DEFAULT\EXTENSIONS\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2012.06.26 17:44:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.01.05 21:08:20 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAMME\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_3.5
[2009.07.30 23:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.07.30 23:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2009.07.30 23:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.07.30 23:59:14 | 000,000,986 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.07.30 23:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://google.ch/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Programme\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Programme\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 11\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NPCTray] C:\Programme\Norman\npc\bin\npc_tray.exe (Norman ASA)
O4 - HKLM..\Run: [PwdBank] C:\Programme\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TAudEffect] C:\Programme\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Programme\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Programme\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPCHWMsg] C:\Programme\Toshiba\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Programme\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKU\S-1-5-21-3184340849-2263771899-475112938-1005..\Run: [] C:\DOKUME~1\***\LOKALE~1\Temp\bejwbkqnzillsoeewxtgdspx.exe File not found
O4 - HKU\S-1-5-21-3184340849-2263771899-475112938-1005..\Run: [Software Informer] "C:\Programme\Software Informer\softinfo.exe" -autorun File not found
O4 - HKU\S-1-5-21-3184340849-2263771899-475112938-1005..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C-CHANNEL OnlineUpdate.lnk = C:\Programme\C-CHANNEL\OnlineUpdate\PeOnlineUpdate.exe (C-Channel AG, 6331 Hünenberg ZG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\LicMon.exe.lnk = C:\CashMan\CashMan Salary\Servers\LicMon.exe (Sage Schweiz AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\LiveUpdTray.exe.lnk = C:\CashMan\CashMan Salary\Prog\LiveUpdTray.exe (Sage Schweiz AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PayPen.lnk = C:\Programme\C-CHANNEL\PayPen\PayPen.exe (Anoto AB)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an Mindjetsenden - C:\Programme\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Link an Mindjetsenden - C:\Programme\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Seite an Mindjetsenden - C:\Programme\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an Mindjet senden - C:\Programme\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An Mindjet senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://www.ifolor.ch/ORDERINGGENERAL/LowRes/app_support/_2_1_7/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)
O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://order.ifolor.ch/GENERAL/LowRes/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 13:21:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{938083f1-cafb-11de-bc6f-0022fad3f038}\Shell - "" = AutoRun
O33 - MountPoints2\{938083f1-cafb-11de-bc6f-0022fad3f038}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{938083f1-cafb-11de-bc6f-0022fad3f038}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9c59e376-06be-11df-bc9c-0022fad3f038}\Shell - "" = AutoRun
O33 - MountPoints2\{9c59e376-06be-11df-bc9c-0022fad3f038}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c59e376-06be-11df-bc9c-0022fad3f038}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start_Windows-Live-Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: nslohost - (C:\WINDOWS\system32\cmmotify.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.17 20:13:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.03.17 20:12:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2013.03.17 18:07:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.03.17 18:07:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\mbar
[2013.03.08 17:41:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mindjet
[2013.03.08 17:38:52 | 000,005,632 | ---- | C] (Tracker Software) -- C:\WINDOWS\System32\pxc25pm.dll
[2013.03.08 17:38:51 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2013.03.08 17:38:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange 3
[2013.03.08 17:38:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Maps
[2013.03.08 17:38:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mindjet
[2013.03.08 17:38:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
[2013.03.08 17:37:38 | 000,000,000 | ---D | C] -- C:\Programme\Mindjet
[2013.03.08 17:36:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{F1ED2C98-6F11-409D-8A95-1AB3FA82B23A}
[2013.03.01 20:36:45 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2013.03.01 20:35:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.03.01 19:16:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2013.02.24 19:01:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan
[2013.02.24 19:01:27 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2013.02.24 19:01:25 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.24 19:01:24 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.06 11:17:42 | 000,301,640 | ---- | C] (Softonic) -- C:\Programme\SoftonicDownloader_fuer_samsung-kies.exe
[2010.12.28 12:17:51 | 002,488,448 | ---- | C] (Microsoft ) -- C:\Programme\RAWViewerSetupLite.exe
[2010.12.18 19:53:47 | 020,810,120 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetupFull50.exe
[2010.10.16 20:17:28 | 001,668,096 | ---- | C] (Irfan Skiljan) -- C:\Programme\iview427g_setup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.18 08:19:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.18 08:17:47 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.18 08:17:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3184340849-2263771899-475112938-1005.job
[2013.03.18 08:17:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.18 08:17:02 | 3079,852,032 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 22:33:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3184340849-2263771899-475112938-1005UA.job
[2013.03.17 22:00:16 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.17 20:14:03 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.03.17 20:13:44 | 000,049,344 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2013.03.17 20:13:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2013.03.17 20:12:53 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\zx8t8m44.exe
[2013.03.17 18:55:41 | 000,572,904 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.03.17 18:55:41 | 000,522,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.03.17 18:55:41 | 000,123,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.03.17 18:55:41 | 000,096,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.03.17 18:38:37 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Word 2007.lnk
[2013.03.17 13:33:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3184340849-2263771899-475112938-1005Core.job
[2013.03.17 11:11:27 | 000,000,187 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2013.03.17 10:22:42 | 000,002,545 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2013.03.17 02:00:01 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-LAP***-***.job
[2013.03.10 10:16:03 | 003,586,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.09 08:34:39 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for ***.job
[2013.03.08 17:41:12 | 000,002,415 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mindjet.lnk
[2013.03.04 20:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3184340849-2263771899-475112938-1005.job
[2013.03.01 19:16:49 | 000,001,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013.03.01 03:28:11 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.02.24 19:01:25 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.24 19:01:24 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.17 20:14:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.03.17 20:12:27 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\zx8t8m44.exe
[2013.03.17 20:11:42 | 000,049,344 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2013.03.08 17:38:10 | 000,002,415 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mindjet.lnk
[2013.02.24 19:01:27 | 000,001,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012.06.24 19:17:05 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.04.06 09:10:08 | 004,589,096 | ---- | C] () -- C:\Programme\MyPhoneExplorer_Setup_1.8.2.exe
[2012.02.15 18:36:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 00:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 00:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 00:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 00:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.01.20 15:10:52 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2011.08.28 17:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011.05.01 18:32:23 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2010.12.28 11:22:46 | 1052,762,623 | ---- | C] () -- C:\Programme\PhotoshopCS5.zip
[2009.09.07 09:09:02 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.03 15:20:21 | 000,148,480 | ---- | C] () -- C:\Programme\UNWISE.EXE
[2009.09.03 10:33:10 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.10.30 09:49:34 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
========== ZeroAccess Check ==========
[2008.07.21 13:24:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 17:03:13 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report > Extra: Code:
OTL Extras logfile created on: 18.03.2013 08:23:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.70% Memory free
5.64 Gb Paging File | 5.05 Gb Available in Paging File | 89.59% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.09 Gb Total Space | 209.11 Gb Free Space | 70.15% Space Free | Partition Type: NTFS
Computer Name: LAP*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Programme\RadioJack2006\RadioJack2006.exe" = C:\Programme\RadioJack2006\RadioJack2006.exe:*:Disabled:RadioJack2006
"C:\WINDOWS\system32\igfxsrvc.exe" = C:\WINDOWS\system32\igfxsrvc.exe:*:Disabled:igfxsrvc Module -- (Intel Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Toshiba\ConfigFree\NDSTray.exe" = C:\Programme\Toshiba\ConfigFree\NDSTray.exe:*:Disabled:ConfigFree(TM) Tray -- (TOSHIBA CORPORATION)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\L9VPWXWS\SweetImSetup[1].exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\L9VPWXWS\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{068B2432-7CF2-449C-97A6-95E16E7F4880}" = OZ776 SCR Driver V1.1.4.202
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}" = Nokia Home Media Server
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2D81C4AF-72CE-47B8-86A7-9C7F4A957727}" = Sesam Version 2008.1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EABECB0-B86C-4206-9EAC-D1A230270A30}" = Presto! BizCard5 SE
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{408FA92C-0766-48A1-8055-D6DFD27B7C2B}" = C-CHANNEL OnlineUpdate
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dienstprogramm für duales Zeigegerät
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{489BBD5A-7B60-4166-A3A7-6494A78E8509}" = TubeBox!
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{643056EF-45A6-4C45-BBF8-CCA2E0651CE1}" = Mindjet
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7F3B0E97-447F-4199-84E3-7745BAA2E497}" = TOSHIBA Cooling Performance Diagnostic Tool
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8528EB67-571E-4A94-988F-052D43CB0EBD}" = CrystalReports11
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD52C41-69B2-4DE6-BFA0-E82FABE5E056}" = PayPen
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DD304638-64D4-43C9-8B8F-48BE23564791}" = Presto! BizCard 5 SE (Deutsche Version)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB938616-16BB-491E-A5A0-CA4AB4167BB4}" = Nokia Photos
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F66F19DC-D0B2-4F96-A51D-D1C9438A30AA}" = CashMan Gesamtlösung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FF03F4E5-3269-459B-A5F3-DC0D7B2561FB}" = PayPen
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aldi Suisse Foto Service" = Aldi Suisse Foto Service 4.12.1
"Anki" = Anki
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"B0FFC364CE14DAFAFC484A60C2BB7758BC842A8F" = Windows-Treiberpaket - Anoto AB (PayPen) Input Pen (09/28/2007 2.0.0.0)
"BC2_is1" = Beyond Compare Version 2.5
"CashMan Gesamtlösung" = CashMan Gesamtlösung
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet 2200 Uninstaller" = HP LaserJet 2200 Deinstallationsprogramm
"ie8" = Windows Internet Explorer 8
"ifolor-OrderClient21" = ifolor Designer
"InstallShield_{068B2432-7CF2-449C-97A6-95E16E7F4880}" = OZ776 SCR Driver V1.1.4.202
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Dienstprogramme
"InstallShield_{7F3B0E97-447F-4199-84E3-7745BAA2E497}" = TOSHIBA Kühlleistungs-Diagnosetool
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Passwort-Utility
"IrfanView" = IrfanView (remove only)
"Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Suite" = Nokia Suite
"NSS" = Norton Security Scan
"PDF-XChange 3_is1" = PDF-XChange 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) Network Connections Drivers
"RawShooter essentials 2006" = RawShooter essentials 2006
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SofTax GR 2011 NP" = SofTax GR 2011 NP
"Somax Runtime" = Somax Runtime
"TDspBtn" = TOSHIBA Utility zum Bildschirmwechsel
"TeamViewer 6" = TeamViewer 6
"TFNF5" = TOSHIBA Hotkey Utility für Anzeigegeräte
"TME" = Deinstallationsprogamm für TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"Viwa" = Viwa 3.1.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3184340849-2263771899-475112938-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.02.2013 14:12:41 | Computer Name = LAP*** | Source = COM | ID = 10023
Description = Die anwendungsspezifische Sicherheitsbeschreibung für den Zugriff
auf die COM-Serveranwendung c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen.
Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung
wurde programmgesteuert von der Anwendung festgelegt. Wenn Sie die Sicherheitsberechtigung
ändern möchten, wenden Sie sich an den Hersteller der Anwendung.
Error - 15.02.2013 14:18:20 | Computer Name = LAP*** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6668.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.02.2013 14:18:32 | Computer Name = LAP*** | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
Error - 15.02.2013 14:18:47 | Computer Name = LAP*** | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1042190453.
Error - 15.02.2013 14:20:46 | Computer Name = LAP*** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6668.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.02.2013 17:23:04 | Computer Name = LAP*** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.02.2013 02:48:26 | Computer Name = LAP*** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung LiveUpdService.exe, Version 8.1.0.7, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.
Error - 17.02.2013 12:18:31 | Computer Name = LAP*** | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung LiveUpdService.exe, Version 8.1.0.7, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.
Error - 18.02.2013 14:26:58 | Computer Name = LAP*** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 18.02.2013 14:26:58 | Computer Name = LAP*** | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
[ OSession Events ]
Error - 18.09.2009 06:01:56 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 139141
seconds with 660 seconds of active time. This session ended with a crash.
Error - 24.09.2009 02:18:29 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 53569
seconds with 1500 seconds of active time. This session ended with a crash.
Error - 02.11.2009 05:12:36 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 20.05.2010 09:33:49 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72318
seconds with 360 seconds of active time. This session ended with a crash.
Error - 27.07.2012 16:28:25 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10253
seconds with 120 seconds of active time. This session ended with a crash.
Error - 12.02.2013 04:35:02 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153
seconds with 120 seconds of active time. This session ended with a crash.
Error - 13.02.2013 13:50:39 | Computer Name = LAP*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 273
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17.03.2013 17:18:26 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
atapi PCIIde
Error - 18.03.2013 03:19:11 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
atapi PCIIde
Error - 18.03.2013 03:19:53 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:20:17 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:20:48 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:20:48 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:20:58 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:21:15 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:21:30 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 18.03.2013 03:21:46 | Computer Name = LAP*** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Norman Scanner Engine Service" hat einen ungültigen aktuellen
Status gemeldet: 0
< End of report > |