Beginner12 | 03.07.2012 20:30 | Hi
Ja, OTL.exe habe ich bereits.
Übrigens habe ich bei mir Avira Free Antivirus installiert. Das Programm hat (anscheinend) einiges gefunden und entfernt.
Hier aus dem Scan: OTL.Txt-Editor:OTL Logfile: Code:
OTL logfile created on: 03.07.2012 20:49:01 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,30% Memory free
6,22 Gb Paging File | 5,30 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,73 Gb Total Space | 77,59 Gb Free Space | 55,53% Space Free | Partition Type: NTFS
Drive E: | 138,26 Gb Total Space | 102,69 Gb Free Space | 74,27% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.03 19:59:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.03 19:56:02 | 000,050,477 | ---- | M] () -- C:\Users\***\Downloads\Defogger.exe
PRC - [2012.05.08 18:04:09 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:04:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:04:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:04:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.05.17 20:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.03 19:56:02 | 000,050,477 | ---- | M] () -- C:\Users\***\Downloads\Defogger.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2012.06.25 17:12:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 07:21:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 18:04:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:04:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.12 20:52:00 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.17 20:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 18:04:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:04:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008.09.25 12:33:16 | 000,044,320 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008.07.29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 18:46:48 | 000,192,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw47xxx.sys -- (hcw47000)
DRV - [2007.05.16 01:16:20 | 002,602,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.27 20:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.03.12 21:47:54 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.12.25 18:35:08 | 000,067,072 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 07:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.21 20:18:18 | 000,000,000 | ---D | M]
[2008.09.17 17:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.27 17:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zckk6fzr.default\extensions
[2012.05.22 22:50:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zckk6fzr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.06.27 17:41:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zckk6fzr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.09 23:37:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zckk6fzr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.11 01:07:12 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zckk6fzr.default\extensions\plugin@yontoo.com
[2010.10.31 09:27:09 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zckk6fzr.default\searchplugins\conduit.xml
[2012.06.25 17:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.25 17:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.19 07:21:48 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.01.15 21:36:58 | 000,155,648 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.01.11 01:00:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 01:00:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 01:00:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 01:00:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 01:00:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 01:00:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] E:\Programme\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [wincredprovider] C:\Users\***\AppData\Local\Microsoft\Windows\1529\wincredprovider.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game03.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://m.boonty.com/webgames/_popcap/popcaploader_v10_de.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43997FCB-F3DB-4507-8196-670137D96136}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{972D9AB1-0E47-4E21-A4B8-E4A81835424A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2CB7F18-A3FB-41C9-8500-F86B3542FCCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBBF5874-6D22-4EF8-B4C0-0A93C26CEF2F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\ford_f-series_super_duty_in1_11.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\ford_f-series_super_duty_in1_11.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1f4d92a1-0cf8-11df-b1f3-001eec069ddd}\Shell\1\Command - "" = D:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{1f4d92a1-0cf8-11df-b1f3-001eec069ddd}\Shell\2\Command - "" = D:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{1f4d92a1-0cf8-11df-b1f3-001eec069ddd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{558bb9e3-848c-11df-88a3-001eec069ddd}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.03 19:59:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.03 08:01:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.03 07:57:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hellomoto
[2012.07.03 07:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF056D71555DB516DC570F1C8B
[2012.06.13 07:44:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.11 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Unity
[2012.06.11 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Real
[2012.06.11 18:03:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2012.06.11 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.03 20:15:22 | 000,021,886 | ---- | M] () -- C:\Users\***\Desktop\4QPj4eHK.html.part.html
[2012.07.03 20:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.03 19:59:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.03 19:58:22 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.03 19:48:36 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 19:48:36 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 17:48:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 17:48:25 | 3219,177,472 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 08:01:10 | 000,001,047 | ---- | M] () -- C:\Users\***\Desktop\Live Security Platinum.lnk
[2012.06.21 20:18:18 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.06.13 03:31:22 | 000,398,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 03:10:37 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.13 03:10:37 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.13 03:10:37 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.13 03:10:37 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.03 20:15:21 | 000,021,886 | ---- | C] () -- C:\Users\***\Desktop\4QPj4eHK.html.part.html
[2012.07.03 19:58:22 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.03 08:01:10 | 000,001,047 | ---- | C] () -- C:\Users\***\Desktop\Live Security Platinum.lnk
[2012.07.03 08:00:36 | 000,001,696 | ---- | C] () -- C:\Users\***\AppData\Local\{324328b3-18f6-fe81-cd82-329763ca9a20}\U\00000001.@
[2012.01.13 00:21:28 | 000,002,772 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.01.11 08:02:14 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{324328b3-18f6-fe81-cd82-329763ca9a20}\@
[2010.03.22 11:46:18 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2010.03.22 11:46:18 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
[2009.08.25 21:15:29 | 000,000,143 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss
[2009.05.24 21:55:19 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.08 03:48:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.07.21 17:34:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.04.19 20:48:31 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.04.13 17:29:23 | 000,000,016 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.04.13 17:29:23 | 000,000,016 | -H-- | C] () -- C:\Users\***\AppData\Local\mxfilerelatedcache.mxc2
[2008.04.13 17:29:10 | 000,000,016 | -H-- | C] () -- C:\Users\***\mxfilerelatedcache.mxc2
[2008.04.13 11:36:36 | 000,029,696 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011.05.31 22:24:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boomzap
[2011.08.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.08.09 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.19 11:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.01.13 00:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.07.03 07:57:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2009.01.30 00:42:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JewelMatch2
[2009.12.18 21:51:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2009.05.07 21:25:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2008.10.11 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2011.12.12 18:44:28 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.07.03 08:20:55 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:D0E9857FE6CC8E5A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8BE7A048
< End of report > --- --- --- Und hier das Ergebnis im Extras.Txt-Editor:OTL Logfile: Code:
OTL Extras logfile created on: 03.07.2012 20:49:01 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,30% Memory free
6,22 Gb Paging File | 5,30 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,73 Gb Total Space | 77,59 Gb Free Space | 55,53% Space Free | Partition Type: NTFS
Drive E: | 138,26 Gb Total Space | 102,69 Gb Free Space | 74,27% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D86B670-FE03-4752-B966-BBEA9AB64766}" = rport=139 | protocol=6 | dir=out | app=system |
"{146493D6-5C0D-411D-B4E3-DFECD401D471}" = rport=137 | protocol=17 | dir=out | app=system |
"{157D8492-3981-4404-A71A-4051B2E8853D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{18E92ABB-6633-4BC2-A736-659FDBF46B04}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1B7C1B50-C320-4CA8-9446-3D76FF8E52E0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1D951FF7-CA82-413F-9878-5C4DD3D96037}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51E291F2-54F2-46EB-AA42-A24B7F0CD7DA}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{53789A85-0769-4432-B73C-2F87F3204E8A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6AB1A5D6-2C9D-4B41-AE74-4CFB02DEF717}" = rport=445 | protocol=6 | dir=out | app=system |
"{74BFC21A-5769-44D9-9460-B2A2DEA233D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CBBEA91-3D8E-4D9D-B39C-7B6802280B4E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D350E87-B1E9-4157-8253-1D62C75A5A2B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8C1DA647-6605-409B-B6E3-EC50115AD51F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{934C7654-FFAF-4DDB-87B3-E34D87C87F99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95B6F370-D739-4880-8AE9-683EBF2C2917}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95F15D96-6B42-48C0-98A8-626822311667}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C810B85-A442-4AB5-AB06-6BF87EA55F87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D823EFC-D98D-467F-ADF3-0AE7E56F6C44}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9F41C277-0916-4990-9953-04B97C2E77FE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A02CCE39-A11D-430A-9BCC-8B10E86AD30C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A57E6842-628A-4C3B-914D-D7FE4B2225A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A88CAE07-0C8D-4940-89DA-650F47BD2770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CFAE908F-6953-4C94-B740-5F30FCA3EF4B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA534335-AF6C-4039-B9CC-EE3D3E50007C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB99A55C-C2B8-462A-B677-9DB9F99C55A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0DB07B5-ABC6-4BB0-9071-6B704B48F9F7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F1348304-9192-4814-B2D6-FCDDA0B96874}" = rport=138 | protocol=17 | dir=out | app=system |
"{F44B8A67-3462-4FB1-8443-6628F6E1FE40}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F5E68027-D8A1-46FC-AC77-2FAFFE7A612E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB9473E6-B2CD-46EF-9EF2-7A530FB6E78C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FBD32EC1-1BD7-4F4A-91E7-A2178E200E86}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E155275-AC06-466F-B0BB-B6A9657D4B52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A9C9295-C46A-42F4-930F-00DE64E1379A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CBFA1F8-43EE-4811-8BF2-0ED862CC9E6F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4A68207E-7D84-4BB8-939C-F3FBB87108A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{539AFA29-E623-4D98-BF79-62B9F415E97B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{57A508D5-268A-48E9-8125-8EB02B0728CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5F4DF54E-4BF2-4F4D-9DB2-06558B2C97E0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EBDCAAF-A58B-4298-B1CE-D9D88A235B08}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70B6A17B-CA4D-4177-9333-A3AF3B42E79A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77DE4009-678E-4CB0-827E-F49A5D659AD2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BE4F7DF-0D0F-4A92-9C8C-547B33E70053}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86C0A5D4-A59A-423A-998A-FFCB49E9C498}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86F33FCA-D1C8-427F-9576-448470068467}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9335B734-E952-4D99-B457-A88F523E7992}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A6426957-01F2-437B-94ED-4888FBF7FE56}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC22C8A5-EE8A-4242-A845-58D55050D891}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AE7A7D6E-C3FD-4A2B-8DA9-EBB9E9B518D3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2A5456D-E2AD-4DFF-B91D-3430F5647BD9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BBE6B446-A726-4A59-9CFF-AC7C66A7F0F9}" = protocol=6 | dir=in | app=e:\programme\itunes.exe |
"{C02F710B-FB49-438A-AEE8-66F4509AA116}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C30FC9D3-367E-43B8-A098-87986051F117}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CA56BA3D-F6A6-4783-89BD-1C31E2593E4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CBFBE7F1-B19B-4FC0-A2C7-5D87BE530045}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CD22DD20-48DA-4F1B-9526-1F56D8FCED70}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE4FC755-58D7-4E51-B0F0-B0E95C1BA72A}" = protocol=17 | dir=in | app=e:\programme\itunes.exe |
"{E1DB15EC-F23B-46E6-A9F9-1AB2AB40C474}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E60027C8-0001-4167-8AE9-B9990CF507D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E784D100-B24D-44F0-A0D1-F8BD6AED91BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E92AE48B-C48B-4A24-95DA-992822EBF8A6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F13B2015-90D1-48D9-B689-320DB38DDBC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F675F346-0E11-4A93-828A-E48DFE3E855F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{4972F677-45B1-42C3-94EE-685A95D97E84}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{596F786B-00F2-416A-9CE8-61025F9FBF1F}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7D9B7A04-90C0-4FE3-A2E9-5AF425FE049A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B31C2A69-F230-47DE-A50F-B40057C7CD88}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D028D92E-3550-4584-A2A1-B9282E4D1806}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{DF8D0819-346E-4F00-AE06-D538149ADC91}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0A7CD4DF-5521-4163-94D3-89D578CD195D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{258311EB-8967-42D6-A5FB-8E82293822E9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{3F5C2F82-C639-4C90-B59E-8A54438E964E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{57A1B630-F91F-4857-B1CB-7C5BACEFE9E2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{87595D18-1186-460F-8861-2971EA0F065C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A7A2090C-AA3B-48E3-98BA-75ED980CF83B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323731F-5EFF-C9AE-B398-6077AE9C67D9}" = Catalyst Control Center Localization Chinese Standard
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084D94A9-D67E-D41B-6B4E-B6A481384D27}" = CCC Help Finnish
"{0A8DA20B-1F01-D1C5-A24F-91EEE7A94A59}" = Catalyst Control Center Localization Korean
"{0FEBE468-714C-9191-D5D0-9D117BAE0A55}" = Skins
"{10004416-C81D-E8DB-5E92-5990D66F0B6D}" = Catalyst Control Center Localization Danish
"{11D49772-0D06-0B31-DC09-CE413F9B0C93}" = CCC Help Chinese Traditional
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22721B8E-8D36-C102-8C79-925C221DD9B4}" = Catalyst Control Center Localization Russian
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24A9C9A9-9749-0206-1E7E-BD32AA946D35}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D1B9BD2-C430-C5D6-6A40-BD00956F9CA4}" = Catalyst Control Center Graphics Previews Vista
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34E2872D-1493-25E6-FBD8-98FCC1A96645}" = CCC Help Portuguese
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3BF34856-1A5F-2AD8-7D50-66BE8A82B5C1}" = CCC Help Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{45F00029-0A50-43AA-497A-67EFFF1E06F7}" = CCC Help Swedish
"{478A4948-C6E9-E3BE-6353-ECCA1DD65CF4}" = Catalyst Control Center Localization Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5034E4E7-A8E7-7BCA-0014-1534C77A7A5C}" = Catalyst Control Center Localization Turkish
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52EC92CA-771A-F8C8-95A2-37AFB43798B7}" = Catalyst Control Center Localization Spanish
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64FA2F4C-F61D-9A7C-318D-711C63308A61}" = CCC Help German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E710CD-51E2-D3BA-108C-F00C54E5B7B0}" = CCC Help Japanese
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{796A8F45-C24A-F0C7-2114-FAABC5DA8367}" = Catalyst Control Center Graphics Full Existing
"{79A4C5D0-EF1A-752A-43F9-C4E79341628A}" = Catalyst Control Center Localization Italian
"{7AC09EE2-08B0-7C97-B8ED-961C58AA9E96}" = Catalyst Control Center Localization Greek
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7BD5E0A6-DB75-B763-CE09-0D883E97F5DF}" = Catalyst Control Center Localization Thai
"{7CF70E3E-BDC7-5F46-F806-49D8D104A0E3}" = CCC Help Danish
"{7D61830A-1867-6DFA-11FE-A64752B4658D}" = CCC Help Greek
"{80FEE630-084D-50F6-9FC8-75757A87F015}" = Catalyst Control Center Localization Polish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E8780B8-2924-B51D-976B-59EE97713659}" = CCC Help Russian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95AEBA1F-23F4-3751-73FA-CFCFB962F789}" = CCC Help Polish
"{977D59F6-C638-B0AC-5CE4-D6A615D62033}" = Catalyst Control Center Localization Dutch
"{98FB128F-1462-6AF5-471C-4512232E9478}" = ccc-core-static
"{9954B400-AEB7-638D-E753-BB4ECE1064EE}" = CCC Help English
"{9A1EFCBB-5E3C-7E13-2AAD-7AFA4FD9DBD9}" = Catalyst Control Center Localization Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A73730D7-1D88-3DAB-9A3B-3959093347CC}" = CCC Help Chinese Standard
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAD49C89-CA9D-911E-0407-8EE0521EA24D}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF49AD34-C4F3-115A-CACE-E06EA0B59EDC}" = CCC Help Korean
"{C3075CFB-4EFE-AD80-587A-3FB74338A44D}" = Catalyst Control Center Localization Finnish
"{C705D235-051D-B65E-DAF2-E4D104F640A6}" = CCC Help Norwegian
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C985DD31-E62E-E121-D918-E7CDE78B523B}" = Catalyst Control Center Core Implementation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEDFF4EA-DFCF-312A-773A-4F743AAF78E2}" = Catalyst Control Center Localization Japanese
"{D55BA1E9-0517-C325-00BD-B68087923AE9}" = CCC Help Hungarian
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD3D3F5A-BFB9-CEC4-1A86-619E7FF83300}" = Catalyst Control Center Localization Chinese Traditional
"{DE64DACB-B8EA-BF73-EB87-67C22FFA0C52}" = ccc-utility
"{E1B530E5-3515-AC68-CA75-0932BA837A1A}" = CCC Help Thai
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E54F065A-4DCB-1875-222D-CF27620AF646}" = Catalyst Control Center Localization Portuguese
"{E6802BDF-0F93-6DB7-E542-B1B36BAA9FFF}" = Catalyst Control Center Localization French
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E858ECF5-7644-33F3-EBE5-1A6D4E606F5B}" = CCC Help Turkish
"{EA6DCFC6-BCA2-D901-7417-19261C50802A}" = Catalyst Control Center Localization Hungarian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6527F8D-F203-CD41-7D39-2C6FBB91DCAD}" = CCC Help Italian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FBB22939-6AAD-A6EB-5AA1-BAA166F2D032}" = CCC Help Czech
"{FDC08E4B-F82B-6183-D0B5-A5F89678AB82}" = Catalyst Control Center Graphics Light
"{FE890808-EE76-63DF-6D0E-4609D2520DF0}" = Catalyst Control Center Localization German
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEDD8B8B-6EA0-A35C-6CB4-06F1AF4D7769}" = Catalyst Control Center Localization Norwegian
"{FF62A079-FE47-C34A-AB88-C61CA838B007}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-Death at Fairing Point - Ein Dana Knightstone Roman" = Death at Fairing Point: Ein Dana Knightstone Roman
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FotoMorph" = Digital Photo Software FotoMorph 12.4.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"FreePDF_XP" = FreePDF XP (Remove only)
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.1
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"PopCap-Browser-Plugin" = PopCap Browser Plugin
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VistaGlazz_is1" = VistaGlazz 1.2
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Security Platinum" = Live Security Platinum
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.05.2012 11:05:09 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34977827
Error - 30.05.2012 20:52:36 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.05.2012 20:52:36 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1264
Error - 30.05.2012 20:52:36 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
Error - 30.05.2012 20:52:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.05.2012 20:52:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2309
Error - 30.05.2012 20:52:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2309
Error - 31.05.2012 12:27:21 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 31.05.2012 12:27:21 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 56086182
Error - 31.05.2012 12:27:21 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 56086182
[ Media Center Events ]
Error - 21.12.2009 16:19:38 | Computer Name = *** | Source = ehRecvr | ID = 4
Description =
[ OSession Events ]
Error - 01.03.2010 03:55:37 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.
Error - 16.03.2010 05:21:03 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 91020
seconds with 60 seconds of active time. This session ended with a crash.
Error - 27.06.2010 03:42:42 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 90804
seconds with 420 seconds of active time. This session ended with a crash.
Error - 23.10.2010 03:30:14 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.
Error - 06.12.2010 04:21:14 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 533
seconds with 60 seconds of active time. This session ended with a crash.
Error - 22.12.2010 13:45:00 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 106
seconds with 60 seconds of active time. This session ended with a crash.
Error - 03.01.2011 18:47:47 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22196
seconds with 60 seconds of active time. This session ended with a crash.
Error - 07.09.2011 13:32:48 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9134
seconds with 120 seconds of active time. This session ended with a crash.
Error - 06.10.2011 14:59:36 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 117
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 03.07.2012 02:01:44 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 03.07.2012 02:20:44 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 03.07.2012 11:50:00 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 03.07.2012 11:50:06 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 03.07.2012 11:50:06 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 03.07.2012 11:50:06 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 03.07.2012 12:11:36 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 03.07.2012 14:08:35 | Computer Name = *** | Source = Print | ID = 6161
Description = Das Dokument Für alle Hilfesuchenden! Was muss ich vor der Eröffnung
eines Themas beachten? - Trojaner-Board im Besitz von *** konnte nicht
auf dem Drucker Brother HL-1430 gedruckt werden. Versuchen Sie erneut, das Dokument
zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe
der Spooldatei in Bytes: 8824360. Anzahl der gedruckten Bytes: 0. Gesamtanzahl
der Seiten des Dokuments: 6. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***.
Vom Druckprozessor zurückgegebener Win32-Fehlercode: 2. Das System kann die angegebene
Datei nicht finden.
Error - 03.07.2012 14:09:55 | Computer Name = *** | Source = Print | ID = 6161
Description = Das Dokument Für alle Hilfesuchenden! Was muss ich vor der Eröffnung
eines Themas beachten? - Trojaner-Board im Besitz von *** konnte nicht
auf dem Drucker Brother HL-1430 gedruckt werden. Versuchen Sie erneut, das Dokument
zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe
der Spooldatei in Bytes: 8824360. Anzahl der gedruckten Bytes: 0. Gesamtanzahl
der Seiten des Dokuments: 6. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***.
Vom Druckprozessor zurückgegebener Win32-Fehlercode: 2. Das System kann die angegebene
Datei nicht finden.
Error - 03.07.2012 14:48:13 | Computer Name = *** | Source = Print | ID = 6161
Description = Das Dokument Für alle Hilfesuchenden! Was muss ich vor der Eröffnung
eines Themas beachten? - Trojaner-Board im Besitz von *** konnte nicht
auf dem Drucker Brother HL-1430 gedruckt werden. Versuchen Sie erneut, das Dokument
zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe
der Spooldatei in Bytes: 10792460. Anzahl der gedruckten Bytes: 0. Gesamtanzahl
der Seiten des Dokuments: 6. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***.
Vom Druckprozessor zurückgegebener Win32-Fehlercode: 2. Das System kann die angegebene
Datei nicht finden.
< End of report > --- --- ---
Ich gehe jetzt zu Schritt 3, da ich ein 32bit System habe.
Ich habe noch eine Frage: Muß ich Defogger.exe für Schritt 3 auch schließen??? |