Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden (https://www.trojaner-board.de/129939-wechseldatentraeger-mehr-verwendet-recycler-gefunden.html)

momo2408 22.01.2013 20:42
Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo Trojaner-board

Ich habe ein riesiges Problem mit verschiedenen Wechseldatenträgern vorallem mit meiner externen Festplatte und meinem Smartphone. Habe die Suchfunktion und Google auch schon berfragt aber nichts konnte mir weiter helfen. Mein Problem ist folgendes:

1. Externe Festplatte:

Wenn ich die Festplatte anschließe und den Ordner öffne sind alle Ordner auf der Festplatte nur noch Verknüpfungen die ich aber etwas umständlich öffnen kann. Ich Doppelklicke auf irgend einen Ordner und es kommt ein Fester. (Im Anhang Fehlermeldung). Danach öffnet sich kurz die Eingabeaufforderung aber dort steht nichts drin und schließt sich auch gleich wieder. Nun öffnet sich der Ordner und ich kann auf die Datei zugreifen. Das wäre mein erstes Problem.

2.Smartphone:

Nun wenn ich mein Handy anstecke und z.B. den Ordner DCIM öffnen will kommt die Fehlermeldung die im Anhang unter Fehlermeldung 2 zu finden ist. Auf meinem Handy sind nicht nur Bilder sondern auch wichtige Daten die ich dringend sichern müsste. Falls es etwas hilft es handelt sich um ein HTC Sensation XL.

Ich habe schon alles mögliche ausprobiert trotzdem findet jegliche Software keine Viren bzw. es erscheinen keine Meldungen. Ich hoffe ihr könnt mir helfen. :confused:

Lg momo

cosinus 23.01.2013 17:06
Hallo und :hallo:

Hast du Virenscanner-Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

momo2408 23.01.2013 18:40
Gleich mal danke für die schnelle Antwort

Hier sind mal die Logs die ich gefunden habe und die auf dem neuestem Stand sind.

Code:
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 20:02:41 22 Jan 2013
Using Database v7958
Operating System:  Windows 7 x64 Professional (SP1) [Build: 6.1.7601]
File System:      NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Schüler\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\Schüler\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on E:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE38E192-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-A1B40A87-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE2ACA11-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-A1A5F306-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-100119FB-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-B8D71225-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-B8C8FAA4-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE46F913-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-B8BAE323-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-69CCEDAE-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-69BED62D-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-69B0BEAC-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-80D3C64A-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-80C5AEC9-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE551094-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-7914096A-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-7162640B-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-88856BA9-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE8D6E98-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-88775428-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\10-19DA5BAC-555630-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\10-A78BC837-181171-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\10-5547A3EC-612315-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\11-19DA5BAC-555630-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\12-19DA5BAC-555630-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\12-6CDE3664-1548447-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\1355052034886.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\101-DF7D223F-1206281-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\100MEDIA - this file cannot be found (on unconnected removable drive)
E:\HTC Sync - this file cannot be found (on unconnected removable drive)
E:\Music - this file cannot be found (on unconnected removable drive)
E:\QSG - this file cannot be found (on unconnected removable drive)
E:\UM - this file cannot be found (on unconnected removable drive)
E:\Video - this file cannot be found (on unconnected removable drive)
E:\My Documents - this file cannot be found (on unconnected removable drive)
E:\tmp - this file cannot be found (on unconnected removable drive)
E:\Android - this file cannot be found (on unconnected removable drive)
E:\media - this file cannot be found (on unconnected removable drive)
E:\Navigon - this file cannot be found (on unconnected removable drive)
E:\leorc - this file cannot be found (on unconnected removable drive)
E:\temp - this file cannot be found (on unconnected removable drive)
------------------------------
1283 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 20:07:04 22 Jan 2013
Total Scan time: 00:04:22
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 19:58:22 22 Jan 2013
Using Database v7958
Operating System:  Windows 7 x64 Professional (SP1) [Build: 6.1.7601]
File System:      NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Schüler\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\Schüler\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
19:58:22: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
19:58:22: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
19:58:22: Scanning -----WINDOWS  REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\windows\Explorer.exe
C:\windows\Explorer.exe
2871808 bytes
Created:  19.06.2011 16:02
Modified: 25.02.2011 07:19
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\windows\System32\userinit.exe
30720 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [NBAgent]
Value Data: ["C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
1406248 bytes
Created:  07.01.2011 17:48
Modified: 07.01.2011 17:48
Company:  Nero AG
--------------------
Value Name: [TOSDCR]
Value Data: [%ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe]
C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe - [file not found to scan]
--------------------
Value Name: [ITSecMng]
Value Data: [%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START]
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe - [file not found to scan]
--------------------
Value Name: [TUSBSleepChargeSrv]
Value Data: [%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe]
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
253312 bytes
Created:  05.08.2011 08:34
Modified: 26.10.2009 10:29
Company:  TOSHIBA
--------------------
Value Name: [TWebCamera]
Value Data: ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun]
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
2454840 bytes
Created:  05.08.2011 08:43
Modified: 01.05.2010 16:02
Company:  TOSHIBA CORPORATION.
--------------------
Value Name: [TNRotate]
Value Data: [%ProgramFiles(x86)%\TOSHIBA\TNRotate\TNRotate.exe]
C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe
607688 bytes
Created:  05.08.2011 08:45
Modified: 25.11.2010 14:00
Company:  TOSHIBA Corporation
--------------------
Value Name: [Adobe ARM]
Value Data: ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
937920 bytes
Created:  06.06.2011 11:55
Modified: 06.06.2011 11:55
Company:  Adobe Systems Incorporated
--------------------
Value Name: [SunJavaUpdateSched]
Value Data: ["C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
254696 bytes
Created:  09.06.2011 12:06
Modified: 09.06.2011 12:06
Company:  Sun Microsystems, Inc.
--------------------
Value Name: [AVG_TRAY]
Value Data: ["C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"]
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
2596984 bytes
Created:  31.07.2012 02:37
Modified: 31.07.2012 02:37
Company:  AVG Technologies CZ, s.r.o.
--------------------
Value Name: [BCSSync]
Value Data: ["C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
91520 bytes
Created:  13.03.2010 13:54
Modified: 13.03.2010 13:54
Company:  Microsoft Corporation
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
384800 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:37
Company:  Avira Operations GmbH & Co. KG
--------------------
Value Name: [CanonSolutionMenuEx]
Value Data: [C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon]
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
1637496 bytes
Created:  31.10.2012 13:24
Modified: 04.08.2011 14:41
Company:  CANON INC.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1247504 bytes
Created:  22.01.2013 19:57
Modified: 14.09.2012 11:58
Company:  Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Steam]
Value Data: ["C:\Program Files (x86)\Steam\steam.exe" -silent]
C:\Program Files (x86)\Steam\steam.exe
1354736 bytes
Created:  16.03.2011 09:47
Modified: 04.12.2012 19:44
Company:  Valve Corporation
--------------------
Value Name: [DAEMON Tools Pro Agent]
Value Data: ["C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun]
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
3111744 bytes
Created:  26.04.2012 13:33
Modified: 26.04.2012 13:33
Company:  DT Soft Ltd
--------------------
Value Name: [SDP]
Value Data: [C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto ]
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
201808 bytes
Created:  03.10.2012 07:22
Modified: 03.10.2012 07:22
Company:  Somoto
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
19:58:25: Scanning -----WINDOWS  64 Bit  REGISTRY-----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [IgfxTray]
Value Data: [C:\windows\system32\igfxtray.exe]
C:\windows\System32\igfxtray.exe
162328 bytes
Created:  30.01.2011 20:14
Modified: 30.01.2011 20:14
Company:  Intel Corporation
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\windows\system32\hkcmd.exe]
C:\windows\System32\hkcmd.exe
386584 bytes
Created:  30.01.2011 20:14
Modified: 30.01.2011 20:14
Company:  Intel Corporation
--------------------
Value Name: [Persistence]
Value Data: [C:\windows\system32\igfxpers.exe]
C:\windows\System32\igfxpers.exe
417304 bytes
Created:  30.01.2011 20:14
Modified: 30.01.2011 20:14
Company:  Intel Corporation
--------------------
Value Name: [TPwrMain]
Value Data: [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE]
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
567720 bytes
Created:  05.11.2010 19:22
Modified: 05.11.2010 19:22
Company:  TOSHIBA Corporation
--------------------
Value Name: [HSON]
Value Data: [%ProgramFiles%\TOSHIBA\TBS\HSON.exe]
C:\Program Files\TOSHIBA\TBS\HSON.exe
296824 bytes
Created:  25.09.2010 11:01
Modified: 25.09.2010 11:01
Company:  TOSHIBA Corporation
--------------------
Value Name: [SmoothView]
Value Data: [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe]
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
570680 bytes
Created:  13.08.2009 11:31
Modified: 13.08.2009 11:31
Company:  TOSHIBA Corporation
--------------------
Value Name: [00TCrdMain]
Value Data: [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
915320 bytes
Created:  28.10.2010 13:27
Modified: 28.10.2010 13:27
Company:  TOSHIBA Corporation
--------------------
Value Name: [RtHDVCpl]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe  -s]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
8305664 bytes
Created:  05.08.2011 08:28
Modified: 30.10.2009 13:16
Company:  Realtek Semiconductor
--------------------
Value Name: [Apoint]
Value Data: [C:\Program Files\Apoint2K\Apoint.exe]
C:\Program Files\Apoint2K\Apoint.exe
315392 bytes
Created:  06.01.2010 12:12
Modified: 06.01.2010 12:12
Company:  Alps Electric Co., Ltd.
--------------------
Value Name: [ThpSrv]
Value Data: [C:\windows\system32\thpsrv /logon]
C:\windows\SysWOW64\thpsrv - [file not found to scan]
--------------------
Value Name: [SmartFaceVWatcher]
Value Data: [%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe]
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
238080 bytes
Created:  29.07.2009 07:21
Modified: 29.07.2009 07:21
Company:  TOSHIBA Corporation
--------------------
Value Name: [Teco]
Value Data: ["%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r]
C:\Program Files\TOSHIBA\TECO\Teco.exe
1544104 bytes
Created:  07.04.2011 13:35
Modified: 07.04.2011 13:35
Company:  TOSHIBA Corporation
--------------------
Value Name: [TosSENotify]
Value Data: [C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe]
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
709976 bytes
Created:  05.02.2010 16:45
Modified: 05.02.2010 16:45
Company:  TOSHIBA Corporation
--------------------
Value Name: [TFPUPWDBankService]
Value Data: [C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start]
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
925104 bytes
Created:  02.03.2010 09:24
Modified: 02.03.2010 09:24
Company:  TOSHIBA
--------------------
Value Name: [TFPUService]
Value Data: [C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start]
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
789368 bytes
Created:  04.11.2010 10:03
Modified: 04.11.2010 10:03
Company:  TOSHIBA
--------------------
Value Name: [TosReelTimeMonitor]
Value Data: [%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe]
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
38304 bytes
Created:  14.12.2010 16:00
Modified: 14.12.2010 16:00
Company:  TOSHIBA Corporation
--------------------
Value Name: [TosVolRegulator]
Value Data: [C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe]
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
24376 bytes
Created:  05.08.2011 08:54
Modified: 11.11.2009 13:31
Company:  TOSHIBA Corporation
--------------------
Value Name: [Toshiba TEMPRO]
Value Data: [C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe]
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
1546720 bytes
Created:  10.02.2011 08:25
Modified: 10.02.2011 08:25
Company:  Toshiba Europe GmbH
--------------------
Value Name: [Toshiba Registration]
Value Data: [C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe]
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
150992 bytes
Created:  19.06.2011 16:22
Modified: 19.06.2011 16:22
Company:  Toshiba Europe GmbH
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
19:58:27: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:    Groove GFS Stub Execution Hook
File:      C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
6670496 bytes
Created:  16.08.2012 05:51
Modified: 16.08.2012 05:51
Company:  Microsoft Corporation
----------

************************************************************
19:58:27: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
19:58:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
19:58:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: %SystemRoot%\system32\unregmp2.exe /ShowWMP
C:\windows\System32\unregmp2.exe
323584 bytes
Created:  14.07.2009 01:23
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:  >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created:  19.06.2011 15:51
Modified: 19.06.2011 15:51
Company:  Microsoft Corporation
----------
Key:  {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\windows\System32\themeui.dll
2851840 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:  {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
Key:  {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\windows\System32\unregmp2.exe
323584 bytes
Created:  14.07.2009 01:23
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:  {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
C:\windows\System32\shell32.dll
14172672 bytes
Created:  02.10.2012 11:47
Modified: 09.06.2012 06:43
Company:  Microsoft Corporation
----------
Key:  {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created:  19.06.2011 15:51
Modified: 19.06.2011 15:51
Company:  Microsoft Corporation
----------
Key:  {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\SysWOW64\mscories.dll
80720 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------

************************************************************
19:58:29: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  AppHostSvc
Path: %windir%\system32\inetsrv\apphostsvc.dll
C:\windows\System32\inetsrv\apphostsvc.dll
65536 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
--------------------
Key:  StorSvc
Path: %SystemRoot%\system32\storsvc.dll
C:\windows\System32\storsvc.dll
17920 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 02:41
Company:  Microsoft Corporation
--------------------
Key:  W3SVC
Path: %windir%\system32\inetsrv\iisw3adm.dll
C:\windows\System32\inetsrv\iisw3adm.dll
453120 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
--------------------
Key:  WAS
Path: %windir%\system32\inetsrv\iisw3adm.dll
C:\windows\System32\inetsrv\iisw3adm.dll
453120 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
--------------------

************************************************************
19:58:31: Scanning ----- SERVICES REGISTRY KEYS -----
Key:      1394ohci
ImagePath: \SystemRoot\system32\drivers\1394ohci.sys
C:\windows\System32\drivers\1394ohci.sys
229888 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      ACPI
ImagePath: system32\drivers\ACPI.sys
C:\windows\System32\drivers\ACPI.sys
334208 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      AcpiPmi
ImagePath: \SystemRoot\system32\drivers\acpipmi.sys
C:\windows\System32\drivers\acpipmi.sys
12800 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      AdobeARMservice
ImagePath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
64952 bytes
Created:  06.06.2011 11:55
Modified: 06.06.2011 11:55
Company:  Adobe Systems Incorporated
----------
Key:      adp94xx
ImagePath: \SystemRoot\system32\drivers\adp94xx.sys
C:\windows\System32\drivers\adp94xx.sys
491088 bytes
Created:  10.06.2009 21:36
Modified: 14.07.2009 02:52
Company:  Adaptec, Inc.
----------
Key:      adpahci
ImagePath: \SystemRoot\system32\drivers\adpahci.sys
C:\windows\System32\drivers\adpahci.sys
339536 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:52
Company:  Adaptec, Inc.
----------
Key:      adpu320
ImagePath: \SystemRoot\system32\drivers\adpu320.sys
C:\windows\System32\drivers\adpu320.sys
182864 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:52
Company:  Adaptec, Inc.
----------
Key:      AFD
ImagePath: \SystemRoot\system32\drivers\afd.sys
C:\windows\System32\drivers\afd.sys
498688 bytes
Created:  02.10.2012 11:44
Modified: 28.12.2011 04:59
Company:  Microsoft Corporation
----------
Key:      AgereSoftModem
ImagePath: system32\DRIVERS\agrsm64.sys
C:\windows\System32\DRIVERS\agrsm64.sys
1146880 bytes
Created:  10.06.2009 22:01
Modified: 10.06.2009 22:01
Company:  LSI Corp
----------
Key:      agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\windows\System32\drivers\agp440.sys
61008 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 02:52
Company:  Microsoft Corporation
----------
Key:      ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\windows\System32\alg.exe
79360 bytes
Created:  14.07.2009 01:08
Modified: 14.07.2009 02:38
Company:  Microsoft Corporation
----------
Key:      aliide
ImagePath: \SystemRoot\system32\drivers\aliide.sys
C:\windows\System32\drivers\aliide.sys
15440 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:52
Company:  Acer Laboratories Inc.
----------
Key:      amdide
ImagePath: \SystemRoot\system32\drivers\amdide.sys
C:\windows\System32\drivers\amdide.sys
15440 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:52
Company:  Microsoft Corporation
----------
Key:      AmdK8
ImagePath: \SystemRoot\system32\drivers\amdk8.sys
C:\windows\System32\drivers\amdk8.sys
64512 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 00:19
Company:  Microsoft Corporation
----------
Key:      AmdPPM
ImagePath: \SystemRoot\system32\drivers\amdppm.sys
C:\windows\System32\drivers\amdppm.sys
60928 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 00:19
Company:  Microsoft Corporation
----------
Key:      amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\windows\System32\drivers\amdsata.sys
107904 bytes
Created:  19.06.2011 15:54
Modified: 11.03.2011 07:41
Company:  Advanced Micro Devices
----------
Key:      amdsbs
ImagePath: \SystemRoot\system32\drivers\amdsbs.sys
C:\windows\System32\drivers\amdsbs.sys
194128 bytes
Created:  10.06.2009 21:37
Modified: 14.07.2009 02:52
Company:  AMD Technologies Inc.
----------
Key:      amdxata
ImagePath: system32\drivers\amdxata.sys
C:\windows\System32\drivers\amdxata.sys
27008 bytes
Created:  19.06.2011 15:54
Modified: 11.03.2011 07:41
Company:  Advanced Micro Devices
----------
Key:      AntiVirSchedulerService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
85280 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:40
Company:  Avira Operations GmbH & Co. KG
----------
Key:      AntiVirService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
109344 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:37
Company:  Avira Operations GmbH & Co. KG
----------
Key:      ApfiltrService
ImagePath: \SystemRoot\system32\drivers\Apfiltr.sys
C:\windows\System32\drivers\Apfiltr.sys
267824 bytes
Created:  27.11.2009 21:40
Modified: 27.11.2009 21:40
Company:  Alps Electric Co., Ltd.
----------
Key:      AppID
ImagePath: \SystemRoot\system32\drivers\appid.sys
C:\windows\System32\drivers\appid.sys
61440 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      arc
ImagePath: \SystemRoot\system32\drivers\arc.sys
C:\windows\System32\drivers\arc.sys
87632 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:52
Company:  Adaptec, Inc.
----------
Key:      arcsas
ImagePath: \SystemRoot\system32\drivers\arcsas.sys
C:\windows\System32\drivers\arcsas.sys
97856 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:52
Company:  Adaptec, Inc.
----------
Key:      aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
51648 bytes
Created:  08.07.2012 23:24
Modified: 08.07.2012 23:24
Company:  Microsoft Corporation
----------
Key:      AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\windows\System32\DRIVERS\asyncmac.sys
23040 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      atapi
ImagePath: system32\drivers\atapi.sys
C:\windows\System32\drivers\atapi.sys
24128 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:52
Company:  Microsoft Corporation
----------
Key:      athr
ImagePath: system32\DRIVERS\athrx.sys
C:\windows\System32\DRIVERS\athrx.sys
1550848 bytes
Created:  05.08.2011 08:30
Modified: 06.11.2009 11:56
Company:  Atheros Communications, Inc.
----------
Key:      ATService
ImagePath: C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Program Files\Fingerprint Sensor\ATService.exe
2734912 bytes
Created:  17.06.2010 17:11
Modified: 17.06.2010 17:11
Company:  AuthenTec, Inc.
----------
Key:      ATSwpWDF
ImagePath: System32\Drivers\ATSwpWDF.sys
C:\windows\System32\Drivers\ATSwpWDF.sys
770152 bytes
Created:  17.06.2010 17:30
Modified: 17.06.2010 17:30
Company:  AuthenTec, Inc.
----------
Key:      AVGIDSAgent
ImagePath: "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
5167736 bytes
Created:  13.08.2012 02:24
Modified: 13.08.2012 02:24
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      AVGIDSDriver
ImagePath: system32\DRIVERS\avgidsdrivera.sys
C:\windows\System32\DRIVERS\avgidsdrivera.sys
124496 bytes
Created:  23.12.2011 12:31
Modified: 23.12.2011 12:31
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      AVGIDSFilter
ImagePath: system32\DRIVERS\avgidsfiltera.sys
C:\windows\System32\DRIVERS\avgidsfiltera.sys
29776 bytes
Created:  23.12.2011 12:32
Modified: 23.12.2011 12:32
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      AVGIDSHA
ImagePath: system32\DRIVERS\avgidsha.sys
C:\windows\System32\DRIVERS\avgidsha.sys
28480 bytes
Created:  19.04.2012 03:50
Modified: 19.04.2012 03:50
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      Avgldx64
ImagePath: system32\DRIVERS\avgldx64.sys
C:\windows\System32\DRIVERS\avgldx64.sys
291680 bytes
Created:  26.07.2012 02:21
Modified: 26.07.2012 02:21
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      Avgmfx64
ImagePath: system32\DRIVERS\avgmfx64.sys
C:\windows\System32\DRIVERS\avgmfx64.sys
47696 bytes
Created:  23.12.2011 12:32
Modified: 23.12.2011 12:32
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      avgntflt
ImagePath: system32\DRIVERS\avgntflt.sys
C:\windows\System32\DRIVERS\avgntflt.sys
99912 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:42
Company:  Avira Operations GmbH & Co. KG
----------
Key:      Avgrkx64
ImagePath: system32\DRIVERS\avgrkx64.sys
C:\windows\System32\DRIVERS\avgrkx64.sys
36944 bytes
Created:  31.01.2012 03:46
Modified: 31.01.2012 03:46
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      Avgtdia
ImagePath: system32\DRIVERS\avgtdia.sys
C:\windows\System32\DRIVERS\avgtdia.sys
384352 bytes
Created:  24.08.2012 14:43
Modified: 24.08.2012 14:43
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      avgwd
ImagePath: "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
193288 bytes
Created:  14.02.2012 03:53
Modified: 14.02.2012 03:53
Company:  AVG Technologies CZ, s.r.o.
----------
Key:      avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\windows\System32\DRIVERS\avipbb.sys
129216 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:42
Company:  Avira Operations GmbH & Co. KG
----------
Key:      avkmgr
ImagePath: system32\DRIVERS\avkmgr.sys
C:\windows\System32\DRIVERS\avkmgr.sys
27800 bytes
Created:  11.10.2012 14:28
Modified: 24.09.2012 08:58
Company:  Avira Operations GmbH & Co. KG
----------
Key:      b06bdrv
ImagePath: \SystemRoot\system32\drivers\bxvbda.sys
C:\windows\System32\drivers\bxvbda.sys
468480 bytes
Created:  10.06.2009 21:34
Modified: 10.06.2009 21:34
Company:  Broadcom Corporation
----------
Key:      b57nd60a
ImagePath: system32\DRIVERS\b57nd60a.sys
C:\windows\System32\DRIVERS\b57nd60a.sys
270848 bytes
Created:  10.06.2009 21:34
Modified: 10.06.2009 21:34
Company:  Broadcom Corporation
----------
Key:      blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys
C:\windows\System32\drivers\blbdrive.sys
45056 bytes
Created:  14.07.2009 00:35
Modified: 14.07.2009 00:35
Company:  Microsoft Corporation
----------
Key:      bowser
ImagePath: system32\DRIVERS\bowser.sys
C:\windows\System32\DRIVERS\bowser.sys
90624 bytes
Created:  19.06.2011 16:02
Modified: 23.02.2011 05:55
Company:  Microsoft Corporation
----------
Key:      BrFiltLo
ImagePath: \SystemRoot\system32\drivers\BrFiltLo.sys
C:\windows\System32\drivers\BrFiltLo.sys
18432 bytes
Created:  14.07.2009 02:19
Modified: 10.06.2009 21:41
Company:  Brother Industries, Ltd.
----------
Key:      BrFiltUp
ImagePath: \SystemRoot\system32\drivers\BrFiltUp.sys
C:\windows\System32\drivers\BrFiltUp.sys
8704 bytes
Created:  14.07.2009 02:20
Modified: 10.06.2009 21:41
Company:  Brother Industries, Ltd.
----------
Key:      Brserid
ImagePath: \SystemRoot\System32\Drivers\Brserid.sys
C:\windows\System32\Drivers\Brserid.sys
286720 bytes
Created:  14.07.2009 02:19
Modified: 14.07.2009 02:19
Company:  Brother Industries Ltd.
----------
Key:      BrSerWdm
ImagePath: \SystemRoot\System32\Drivers\BrSerWdm.sys
C:\windows\System32\Drivers\BrSerWdm.sys
47104 bytes
Created:  14.07.2009 02:20
Modified: 10.06.2009 21:41
Company:  Brother Industries Ltd.
----------
Key:      BrUsbMdm
ImagePath: \SystemRoot\System32\Drivers\BrUsbMdm.sys
C:\windows\System32\Drivers\BrUsbMdm.sys
14976 bytes
Created:  14.07.2009 02:20
Modified: 10.06.2009 21:41
Company:  Brother Industries Ltd.
----------
Key:      BrUsbSer
ImagePath: \SystemRoot\System32\Drivers\BrUsbSer.sys
C:\windows\System32\Drivers\BrUsbSer.sys
14720 bytes
Created:  14.07.2009 02:20
Modified: 10.06.2009 21:41
Company:  Brother Industries Ltd.
----------
Key:      BTHMODEM
ImagePath: \SystemRoot\system32\drivers\bthmodem.sys
C:\windows\System32\drivers\bthmodem.sys
72192 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      cdfs
ImagePath: system32\DRIVERS\cdfs.sys
C:\windows\System32\DRIVERS\cdfs.sys
92160 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 00:19
Company:  Microsoft Corporation
----------
Key:      cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\windows\System32\DRIVERS\cdrom.sys
147456 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      cfWiMAXService
ImagePath: "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
249200 bytes
Created:  28.01.2010 15:44
Modified: 28.01.2010 15:44
Company:  TOSHIBA CORPORATION
----------
Key:      circlass
ImagePath: \SystemRoot\system32\drivers\circlass.sys
C:\windows\System32\drivers\circlass.sys
45568 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      CLFS
ImagePath: System32\CLFS.sys
C:\windows\System32\CLFS.sys
367696 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:52
Company:  Microsoft Corporation
----------
Key:      clr_optimization_v2.0.50727_32
ImagePath: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
66384 bytes
Created:  13.07.2009 21:46
Modified: 10.06.2009 22:23
Company:  Microsoft Corporation
----------
Key:      clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
89920 bytes
Created:  13.07.2009 21:37
Modified: 10.06.2009 21:39
Company:  Microsoft Corporation
----------
Key:      clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
104912 bytes
Created:  09.07.2012 00:40
Modified: 09.07.2012 00:40
Company:  Microsoft Corporation
----------
Key:      clr_optimization_v4.0.30319_64
ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
123856 bytes
Created:  08.07.2012 23:24
Modified: 08.07.2012 23:24
Company:  Microsoft Corporation
----------
Key:      CmBatt
ImagePath: \SystemRoot\system32\drivers\CmBatt.sys
C:\windows\System32\drivers\CmBatt.sys
17664 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 00:31
Company:  Microsoft Corporation
----------
Key:      cmdide
ImagePath: \SystemRoot\system32\drivers\cmdide.sys
C:\windows\System32\drivers\cmdide.sys
17488 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:52
Company:  CMD Technology, Inc.
----------
Key:      CNG
ImagePath: System32\Drivers\cng.sys
C:\windows\System32\Drivers\cng.sys
458704 bytes
Created:  02.10.2012 11:47
Modified: 02.06.2012 06:50
Company:  Microsoft Corporation
----------
Key:      Compbatt
ImagePath: system32\drivers\compbatt.sys
C:\windows\System32\drivers\compbatt.sys
21584 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:52
Company:  Microsoft Corporation
----------
Key:      CompositeBus
ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys
C:\windows\System32\drivers\CompositeBus.sys
38912 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      COMSysApp
ImagePath: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\windows\System32\dllhost.exe
9728 bytes
Created:  14.07.2009 00:59
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      ConfigFree Service
ImagePath: "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
46448 bytes
Created:  10.03.2009 17:51
Modified: 10.03.2009 17:51
Company:  TOSHIBA CORPORATION
----------
Key:      crcdisk
ImagePath: \SystemRoot\system32\drivers\crcdisk.sys
C:\windows\System32\drivers\crcdisk.sys
24144 bytes
Created:  14.07.2009 01:01
Modified: 14.07.2009 02:47
Company:  Microsoft Corporation
----------
Key:      CSC
ImagePath: system32\drivers\csc.sys
C:\windows\System32\drivers\csc.sys
514560 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      DfsC
ImagePath: System32\Drivers\dfsc.sys
C:\windows\System32\Drivers\dfsc.sys
102400 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      discache
ImagePath: System32\drivers\discache.sys
C:\windows\System32\drivers\discache.sys
40448 bytes
Created:  14.07.2009 00:37
Modified: 14.07.2009 00:37
Company:  Microsoft Corporation
----------
Key:      Disk
ImagePath: system32\drivers\disk.sys
C:\windows\System32\drivers\disk.sys
73280 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:47
Company:  Microsoft Corporation
----------
Key:      dmvsc
ImagePath: \SystemRoot\system32\drivers\dmvsc.sys
C:\windows\System32\drivers\dmvsc.sys
71168 bytes
Created:  21.11.2010 08:00
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\windows\System32\drivers\drmkaud.sys
5632 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      dtsoftbus01
ImagePath: system32\DRIVERS\dtsoftbus01.sys
C:\windows\System32\DRIVERS\dtsoftbus01.sys
283200 bytes
Created:  15.10.2012 20:04
Modified: 15.10.2012 20:04
Company:  DT Soft Ltd
----------
Key:      DXGKrnl
ImagePath: \SystemRoot\System32\drivers\dxgkrnl.sys
C:\windows\System32\drivers\dxgkrnl.sys
982912 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      e1kexpress
ImagePath: system32\DRIVERS\e1k62x64.sys
C:\windows\System32\DRIVERS\e1k62x64.sys
342704 bytes
Created:  20.07.2011 15:58
Modified: 20.07.2011 15:58
Company:  Intel Corporation
----------
Key:      ebdrv
ImagePath: \SystemRoot\system32\drivers\evbda.sys
C:\windows\System32\drivers\evbda.sys
3286016 bytes
Created:  10.06.2009 21:34
Modified: 10.06.2009 21:34
Company:  Broadcom Corporation
----------
Key:      EFS
ImagePath: %SystemRoot%\System32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created:  02.10.2012 11:47
Modified: 17.11.2011 07:33
Company:  Microsoft Corporation
----------
Key:      ehRecvr
ImagePath: %systemroot%\ehome\ehRecvr.exe
C:\windows\ehome\ehRecvr.exe
696832 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      ehSched
ImagePath: %systemroot%\ehome\ehsched.exe
C:\windows\ehome\ehsched.exe
127488 bytes
Created:  14.07.2009 01:24
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      elxstor
ImagePath: \SystemRoot\system32\drivers\elxstor.sys
C:\windows\System32\drivers\elxstor.sys
530496 bytes
Created:  10.06.2009 21:36
Modified: 14.07.2009 02:47
Company:  Emulex
----------
Key:      ErrDev
ImagePath: \SystemRoot\system32\drivers\errdev.sys
C:\windows\System32\drivers\errdev.sys
9728 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 00:31
Company:  Microsoft Corporation
----------
Key:      Fax
ImagePath: %systemroot%\system32\fxssvc.exe
C:\windows\System32\fxssvc.exe
689152 bytes
Created:  21.11.2010 04:25
Modified: 21.11.2010 04:25
Company:  Microsoft Corporation
----------
Key:      fdc
ImagePath: \SystemRoot\system32\drivers\fdc.sys
C:\windows\System32\drivers\fdc.sys
29696 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      FileInfo
ImagePath: system32\drivers\fileinfo.sys
C:\windows\System32\drivers\fileinfo.sys
70224 bytes
Created:  14.07.2009 00:34
Modified: 14.07.2009 02:47
Company:  Microsoft Corporation
----------
Key:      Filetrace
ImagePath: system32\drivers\filetrace.sys
C:\windows\System32\drivers\filetrace.sys
34304 bytes
Created:  14.07.2009 00:25
Modified: 14.07.2009 00:25
Company:  Microsoft Corporation
----------
Key:      flpydisk
ImagePath: \SystemRoot\system32\drivers\flpydisk.sys
C:\windows\System32\drivers\flpydisk.sys
24576 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\windows\System32\drivers\fltmgr.sys
289664 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      FsDepends
ImagePath: System32\drivers\FsDepends.sys
C:\windows\System32\drivers\FsDepends.sys
55376 bytes
Created:  14.07.2009 00:26
Modified: 14.07.2009 02:47
Company:  Microsoft Corporation
----------
Key:      fvevol
ImagePath: System32\DRIVERS\fvevol.sys
C:\windows\System32\DRIVERS\fvevol.sys
223248 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      gagp30kx
ImagePath: \SystemRoot\system32\drivers\gagp30kx.sys
C:\windows\System32\drivers\gagp30kx.sys
65088 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 02:47
Company:  Microsoft Corporation
----------
Key:      hcw85cir
ImagePath: \SystemRoot\system32\drivers\hcw85cir.sys
C:\windows\System32\drivers\hcw85cir.sys
31232 bytes
Created:  13.07.2009 23:53
Modified: 10.06.2009 21:31
Company:  Hauppauge Computer Works, Inc.
----------
Key:      HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\windows\System32\drivers\HdAudio.sys
350208 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      HDAudBus
ImagePath: \SystemRoot\system32\drivers\HDAudBus.sys
C:\windows\System32\drivers\HDAudBus.sys
122368 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      HECIx64
ImagePath: \SystemRoot\system32\drivers\HECIx64.sys
C:\windows\System32\drivers\HECIx64.sys
56344 bytes
Created:  05.08.2011 08:19
Modified: 17.09.2009 11:54
Company:  Intel Corporation
----------
Key:      HidBatt
ImagePath: \SystemRoot\system32\drivers\HidBatt.sys
C:\windows\System32\drivers\HidBatt.sys
26624 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 00:31
Company:  Microsoft Corporation
----------
Key:      HidBth
ImagePath: \SystemRoot\system32\drivers\hidbth.sys
C:\windows\System32\drivers\hidbth.sys
100864 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      HidIr
ImagePath: \SystemRoot\system32\drivers\hidir.sys
C:\windows\System32\drivers\hidir.sys
46592 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\windows\System32\DRIVERS\hidusb.sys
30208 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      HpSAMD
ImagePath: \SystemRoot\system32\drivers\HpSAMD.sys
C:\windows\System32\drivers\HpSAMD.sys
78720 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Hewlett-Packard Company
----------
Key:      HTTP
ImagePath: system32\drivers\HTTP.sys
C:\windows\System32\drivers\HTTP.sys
753664 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      hwpolicy
ImagePath: System32\drivers\hwpolicy.sys
C:\windows\System32\drivers\hwpolicy.sys
14720 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      i8042prt
ImagePath: \SystemRoot\system32\drivers\i8042prt.sys
C:\windows\System32\drivers\i8042prt.sys
105472 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 00:19
Company:  Microsoft Corporation
----------
Key:      iaStor
ImagePath: system32\drivers\iaStor.sys
C:\windows\System32\drivers\iaStor.sys
540696 bytes
Created:  05.08.2011 08:23
Modified: 27.04.2010 15:57
Company:  Intel Corporation
----------
Key:      iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\windows\System32\drivers\iaStorV.sys
410496 bytes
Created:  19.06.2011 15:54
Modified: 11.03.2011 07:41
Company:  Intel Corporation
----------
Key:      IB Updater
ImagePath: C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
188760 bytes
Created:  24.12.2012 11:37
Modified: 26.11.2012 14:39
Company:  [no info]
----------
Key:      IBUpdaterService
ImagePath: %SystemRoot%\system32\dmwu.exe
C:\windows\System32\dmwu.exe
1261936 bytes
Created:  24.12.2012 11:37
Modified: 02.10.2012 16:20
Company: 
----------
Key:      idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
856400 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      igfx
ImagePath: system32\DRIVERS\igdkmd64.sys
C:\windows\System32\DRIVERS\igdkmd64.sys
10627392 bytes
Created:  12.01.2011 09:18
Modified: 12.01.2011 09:18
Company:  Intel Corporation
----------
Key:      iirsp
ImagePath: \SystemRoot\system32\drivers\iirsp.sys
C:\windows\System32\drivers\iirsp.sys
44112 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  Intel Corp./ICP vortex GmbH
----------
Key:      Impcd
ImagePath: \SystemRoot\system32\drivers\Impcd.sys
C:\windows\System32\drivers\Impcd.sys
158976 bytes
Created:  26.02.2010 14:32
Modified: 26.02.2010 14:32
Company:  Intel Corporation
----------
Key:      IntcAzAudAddService
ImagePath: system32\drivers\RTKVHD64.sys
C:\windows\System32\drivers\RTKVHD64.sys
2020512 bytes
Created:  05.08.2011 08:28
Modified: 30.10.2009 17:18
Company:  Realtek Semiconductor Corp.
----------
Key:      IntcDAud
ImagePath: system32\DRIVERS\IntcDAud.sys
C:\windows\System32\DRIVERS\IntcDAud.sys
317440 bytes
Created:  31.08.2010 04:07
Modified: 31.08.2010 04:07
Company:  Intel(R) Corporation
----------
Key:      intelide
ImagePath: \SystemRoot\system32\drivers\intelide.sys
C:\windows\System32\drivers\intelide.sys
16960 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      intelppm
ImagePath: \SystemRoot\system32\drivers\intelppm.sys
C:\windows\System32\drivers\intelppm.sys
62464 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 00:19
Company:  Microsoft Corporation
----------
Key:      IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\windows\System32\DRIVERS\ipfltdrv.sys
82944 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      IPMIDRV
ImagePath: \SystemRoot\system32\drivers\IPMIDrv.sys
C:\windows\System32\drivers\IPMIDrv.sys
78848 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      IPNAT
ImagePath: System32\drivers\ipnat.sys
C:\windows\System32\drivers\ipnat.sys
116224 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      IRENUM
ImagePath: system32\drivers\irenum.sys
C:\windows\System32\drivers\irenum.sys
17920 bytes
Created:  14.07.2009 01:08
Modified: 14.07.2009 01:08
Company:  Microsoft Corporation
----------
Key:      isapnp
ImagePath: \SystemRoot\system32\drivers\isapnp.sys
C:\windows\System32\drivers\isapnp.sys
20544 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      iScsiPrt
ImagePath: \SystemRoot\system32\drivers\msiscsi.sys
C:\windows\System32\drivers\msiscsi.sys
273792 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      kbdclass
ImagePath: \SystemRoot\system32\drivers\kbdclass.sys
C:\windows\System32\drivers\kbdclass.sys
50768 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\windows\System32\drivers\kbdhid.sys
33280 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      KeyIso
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created:  02.10.2012 11:47
Modified: 17.11.2011 07:33
Company:  Microsoft Corporation
----------
Key:      KSecDD
ImagePath: System32\Drivers\ksecdd.sys
C:\windows\System32\Drivers\ksecdd.sys
95600 bytes
Created:  02.10.2012 11:47
Modified: 02.06.2012 06:48
Company:  Microsoft Corporation
----------
Key:      KSecPkg
ImagePath: System32\Drivers\ksecpkg.sys
C:\windows\System32\Drivers\ksecpkg.sys
151920 bytes
Created:  02.10.2012 11:47
Modified: 02.06.2012 06:48
Company:  Microsoft Corporation
----------
Key:      ksthunk
ImagePath: \SystemRoot\system32\drivers\ksthunk.sys
C:\windows\System32\drivers\ksthunk.sys
20992 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      lltdio
ImagePath: system32\DRIVERS\lltdio.sys
C:\windows\System32\DRIVERS\lltdio.sys
60928 bytes
Created:  14.07.2009 01:08
Modified: 14.07.2009 01:08
Company:  Microsoft Corporation
----------
Key:      LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
262144 bytes
Created:  05.08.2011 08:19
Modified: 30.09.2009 18:33
Company:  Intel Corporation
----------
Key:      LSI_FC
ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys
C:\windows\System32\drivers\lsi_fc.sys
114752 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  LSI Corporation
----------
Key:      LSI_SAS
ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys
C:\windows\System32\drivers\lsi_sas.sys
106560 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  LSI Corporation
----------
Key:      LSI_SAS2
ImagePath: \SystemRoot\system32\drivers\lsi_sas2.sys
C:\windows\System32\drivers\lsi_sas2.sys
65600 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  LSI Corporation
----------
Key:      LSI_SCSI
ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys
C:\windows\System32\drivers\lsi_scsi.sys
115776 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  LSI Corporation
----------
Key:      luafv
ImagePath: \SystemRoot\system32\drivers\luafv.sys
C:\windows\System32\drivers\luafv.sys
113152 bytes
Created:  14.07.2009 00:26
Modified: 14.07.2009 00:26
Company:  Microsoft Corporation
----------
Key:      McAfee SiteAdvisor Service
ImagePath: c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe - [file not found to scan]
----------
Key:      megasas
ImagePath: \SystemRoot\system32\drivers\megasas.sys
C:\windows\System32\drivers\megasas.sys
35392 bytes
Created:  10.06.2009 21:37
Modified: 14.07.2009 02:48
Company:  LSI Corporation
----------
Key:      MegaSR
ImagePath: \SystemRoot\system32\drivers\MegaSR.sys
C:\windows\System32\drivers\MegaSR.sys
284736 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  LSI Corporation, Inc.
----------
Key:      Microsoft SharePoint Workspace Audit Service
ImagePath: "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
30785672 bytes
Created:  20.09.2012 13:28
Modified: 20.09.2012 13:28
Company:  Microsoft Corporation
----------
Key:      Modem
ImagePath: system32\drivers\modem.sys
C:\windows\System32\drivers\modem.sys
40448 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      monitor
ImagePath: system32\DRIVERS\monitor.sys
C:\windows\System32\DRIVERS\monitor.sys
30208 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 00:38
Company:  Microsoft Corporation
----------
Key:      mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\windows\System32\DRIVERS\mouclass.sys
49216 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\windows\System32\DRIVERS\mouhid.sys
31232 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      mountmgr
ImagePath: System32\drivers\mountmgr.sys
C:\windows\System32\drivers\mountmgr.sys
94592 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      mpio
ImagePath: \SystemRoot\system32\drivers\mpio.sys
C:\windows\System32\drivers\mpio.sys
155008 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      mpsdrv
ImagePath: System32\drivers\mpsdrv.sys
C:\windows\System32\drivers\mpsdrv.sys
77312 bytes
Created:  14.07.2009 01:08
Modified: 14.07.2009 01:08
Company:  Microsoft Corporation
----------
Key:      MRxDAV
ImagePath: \SystemRoot\system32\drivers\mrxdav.sys
C:\windows\System32\drivers\mrxdav.sys
140800 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      mrxsmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\windows\System32\DRIVERS\mrxsmb.sys
158208 bytes
Created:  21.09.2011 12:28
Modified: 27.04.2011 03:40
Company:  Microsoft Corporation
----------
Key:      mrxsmb10
ImagePath: system32\DRIVERS\mrxsmb10.sys
C:\windows\System32\DRIVERS\mrxsmb10.sys
288768 bytes
Created:  21.09.2011 12:28
Modified: 09.07.2011 03:46
Company:  Microsoft Corporation
----------
Key:      mrxsmb20
ImagePath: system32\DRIVERS\mrxsmb20.sys
C:\windows\System32\DRIVERS\mrxsmb20.sys
128000 bytes
Created:  21.09.2011 12:28
Modified: 27.04.2011 03:39
Company:  Microsoft Corporation
----------
Key:      msahci
ImagePath: \SystemRoot\system32\drivers\msahci.sys
C:\windows\System32\drivers\msahci.sys
31104 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      msdsm
ImagePath: \SystemRoot\system32\drivers\msdsm.sys
C:\windows\System32\drivers\msdsm.sys
140672 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      MSDTC
ImagePath: %SystemRoot%\System32\msdtc.exe
C:\windows\System32\msdtc.exe
141824 bytes
Created:  14.07.2009 00:59
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      mshidkmdf
ImagePath: \SystemRoot\System32\drivers\mshidkmdf.sys
C:\windows\System32\drivers\mshidkmdf.sys
8192 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      msisadrv
ImagePath: system32\drivers\msisadrv.sys
C:\windows\System32\drivers\msisadrv.sys
15424 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      msiserver
ImagePath: %systemroot%\system32\msiexec.exe /V
C:\windows\System32\msiexec.exe
128000 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\windows\System32\drivers\MSKSSRV.sys
11136 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\windows\System32\drivers\MSPCLOCK.sys
7168 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\windows\System32\drivers\MSPQM.sys
6784 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      mssmbios
ImagePath: \SystemRoot\system32\drivers\mssmbios.sys
C:\windows\System32\drivers\mssmbios.sys
32320 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\windows\System32\drivers\MSTEE.sys
8064 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      MTConfig
ImagePath: \SystemRoot\system32\drivers\MTConfig.sys
C:\windows\System32\drivers\MTConfig.sys
15360 bytes
Created:  14.07.2009 01:02
Modified: 14.07.2009 01:02
Company:  Microsoft Corporation
----------
Key:      Mup
ImagePath: System32\Drivers\mup.sys
C:\windows\System32\Drivers\mup.sys
60496 bytes
Created:  14.07.2009 00:23
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      NativeWifiP
ImagePath: system32\DRIVERS\nwifi.sys
C:\windows\System32\DRIVERS\nwifi.sys
318976 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 01:07
Company:  Microsoft Corporation
----------
Key:      NAUpdate
ImagePath: "C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Program Files (x86)\Nero\Update\NASvc.exe
572712 bytes
Created:  14.01.2011 10:55
Modified: 14.01.2011 10:55
Company:  Nero AG
----------
Key:      NDIS
ImagePath: system32\drivers\ndis.sys
C:\windows\System32\drivers\ndis.sys
950128 bytes
Created:  02.10.2012 11:47
Modified: 22.08.2012 19:12
Company:  Microsoft Corporation
----------
Key:      NdisCap
ImagePath: system32\DRIVERS\ndiscap.sys
C:\windows\System32\DRIVERS\ndiscap.sys
35328 bytes
Created:  14.07.2009 01:08
Modified: 14.07.2009 01:08
Company:  Microsoft Corporation
----------
Key:      NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\windows\System32\DRIVERS\ndistapi.sys
24064 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\windows\System32\DRIVERS\ndisuio.sys
56832 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\windows\System32\DRIVERS\ndiswan.sys
164352 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\windows\System32\DRIVERS\netbios.sys
44544 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 01:09
Company:  Microsoft Corporation
----------
Key:      NetBT
ImagePath: System32\DRIVERS\netbt.sys
C:\windows\System32\DRIVERS\netbt.sys
261632 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      Netlogon
ImagePath: %systemroot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created:  02.10.2012 11:47
Modified: 17.11.2011 07:33
Company:  Microsoft Corporation
----------
Key:      nfrd960
ImagePath: \SystemRoot\system32\drivers\nfrd960.sys
C:\windows\System32\drivers\nfrd960.sys
51264 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:48
Company:  IBM Corporation
----------
Key:      nsiproxy
ImagePath: system32\drivers\nsiproxy.sys
C:\windows\System32\drivers\nsiproxy.sys
24576 bytes
Created:  14.07.2009 00:21
Modified: 14.07.2009 00:21
Company:  Microsoft Corporation
----------
Key:      nvraid
ImagePath: \SystemRoot\system32\drivers\nvraid.sys
C:\windows\System32\drivers\nvraid.sys
148352 bytes
Created:  19.06.2011 15:54
Modified: 11.03.2011 07:41
Company:  NVIDIA Corporation
----------
Key:      nvstor
ImagePath: \SystemRoot\system32\drivers\nvstor.sys
C:\windows\System32\drivers\nvstor.sys
166272 bytes
Created:  19.06.2011 15:54
Modified: 11.03.2011 07:41
Company:  NVIDIA Corporation
----------
Key:      nv_agp
ImagePath: \SystemRoot\system32\drivers\nv_agp.sys
C:\windows\System32\drivers\nv_agp.sys
122960 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 02:48
Company:  Microsoft Corporation
----------
Key:      ohci1394
ImagePath: \SystemRoot\system32\drivers\ohci1394.sys
C:\windows\System32\drivers\ohci1394.sys
72832 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      ose
ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
149352 bytes
Created:  09.01.2010 20:18
Modified: 09.01.2010 20:18
Company:  Microsoft Corporation
----------
Key:      osppsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4925184 bytes
Created:  09.01.2010 20:34
Modified: 09.01.2010 20:34
Company:  Microsoft Corporation
----------
Key:      Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\windows\System32\drivers\parport.sys
97280 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      partmgr
ImagePath: System32\drivers\partmgr.sys
C:\windows\System32\drivers\partmgr.sys
75120 bytes
Created:  02.10.2012 11:46
Modified: 17.03.2012 08:58
Company:  Microsoft Corporation
----------
Key:      pci
ImagePath: system32\drivers\pci.sys
C:\windows\System32\drivers\pci.sys
184704 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      pciide
ImagePath: \SystemRoot\system32\drivers\pciide.sys
C:\windows\System32\drivers\pciide.sys
12352 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      pcmcia
ImagePath: \SystemRoot\system32\drivers\pcmcia.sys
C:\windows\System32\drivers\pcmcia.sys
220752 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      pcw
ImagePath: System32\drivers\pcw.sys
C:\windows\System32\drivers\pcw.sys
50768 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      PEAUTH
ImagePath: system32\drivers\peauth.sys
C:\windows\System32\drivers\peauth.sys
651264 bytes
Created:  14.07.2009 00:51
Modified: 14.07.2009 02:01
Company:  Microsoft Corporation
----------
Key:      PerfHost
ImagePath: %SystemRoot%\SysWow64\perfhost.exe
C:\windows\SysWow64\perfhost.exe
20992 bytes
Created:  14.07.2009 00:11
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
----------
Key:      PGEffect
ImagePath: system32\DRIVERS\pgeffect.sys
C:\windows\System32\DRIVERS\pgeffect.sys
35008 bytes
Created:  05.08.2011 08:43
Modified: 22.06.2009 16:06
Company:  TOSHIBA Corporation
----------
Key:      PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\windows\System32\DRIVERS\raspptp.sys
111104 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      Processor
ImagePath: \SystemRoot\system32\drivers\processr.sys
C:\windows\System32\drivers\processr.sys
60416 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 00:19
Company:  Microsoft Corporation
----------
Key:      ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created:  02.10.2012 11:47
Modified: 17.11.2011 07:33
Company:  Microsoft Corporation
----------
Key:      Psched
ImagePath: system32\DRIVERS\pacer.sys
C:\windows\System32\DRIVERS\pacer.sys
131584 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\windows\System32\drivers\ql2300.sys
1524816 bytes
Created:  10.06.2009 21:37
Modified: 14.07.2009 02:45
Company:  QLogic Corporation
----------
Key:      ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\windows\System32\drivers\ql40xx.sys
128592 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:45
Company:  QLogic Corporation
----------
Key:      QWAVEdrv
ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys
C:\windows\System32\drivers\qwavedrv.sys
46592 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 01:09
Company:  Microsoft Corporation
----------
Key:      RasAcd
ImagePath: System32\DRIVERS\rasacd.sys
C:\windows\System32\DRIVERS\rasacd.sys
14848 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      RasAgileVpn
ImagePath: system32\DRIVERS\AgileVpn.sys
C:\windows\System32\DRIVERS\AgileVpn.sys
60416 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\windows\System32\DRIVERS\rasl2tp.sys
129536 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\windows\System32\DRIVERS\raspppoe.sys
92672 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      RasSstp
ImagePath: system32\DRIVERS\rassstp.sys
C:\windows\System32\DRIVERS\rassstp.sys
83968 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\windows\System32\DRIVERS\rdbss.sys
309248 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      rdpbus
ImagePath: \SystemRoot\system32\drivers\rdpbus.sys
C:\windows\System32\drivers\rdpbus.sys
24064 bytes
Created:  14.07.2009 01:17
Modified: 14.07.2009 01:17
Company:  Microsoft Corporation
----------
Key:      RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\windows\System32\DRIVERS\RDPCDD.sys
7680 bytes
Created:  14.07.2009 01:16
Modified: 14.07.2009 01:16
Company:  Microsoft Corporation
----------
Key:      RDPDR
ImagePath: System32\drivers\rdpdr.sys
C:\windows\System32\drivers\rdpdr.sys
165888 bytes
Created:  21.11.2010 04:25
Modified: 21.11.2010 04:25
Company:  Microsoft Corporation
----------
Key:      RDPENCDD
ImagePath: system32\drivers\rdpencdd.sys
C:\windows\System32\drivers\rdpencdd.sys
7680 bytes
Created:  14.07.2009 01:16
Modified: 14.07.2009 01:16
Company:  Microsoft Corporation
----------
Key:      RDPREFMP
ImagePath: system32\drivers\rdprefmp.sys
C:\windows\System32\drivers\rdprefmp.sys
8192 bytes
Created:  14.07.2009 01:16
Modified: 14.07.2009 01:16
Company:  Microsoft Corporation
----------
Key:      rdyboost
ImagePath: System32\drivers\rdyboost.sys
C:\windows\System32\drivers\rdyboost.sys
213888 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      rimspci
ImagePath: \SystemRoot\system32\drivers\rimspe64.sys
C:\windows\System32\drivers\rimspe64.sys
64512 bytes
Created:  05.08.2011 08:34
Modified: 23.06.2010 14:02
Company:  REDC
----------
Key:      risdpcie
ImagePath: \SystemRoot\system32\drivers\risdpe64.sys
C:\windows\System32\drivers\risdpe64.sys
80384 bytes
Created:  05.08.2011 08:34
Modified: 07.05.2010 16:18
Company:  REDC
----------
Key:      rixdpcie
ImagePath: \SystemRoot\system32\drivers\rixdpe64.sys
C:\windows\System32\drivers\rixdpe64.sys
55808 bytes
Created:  05.08.2011 08:34
Modified: 04.07.2009 18:27
Company:  REDC
----------
Key:      RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\windows\System32\locator.exe
10240 bytes
Created:  14.07.2009 00:59
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      rspndr
ImagePath: system32\DRIVERS\rspndr.sys
C:\windows\System32\DRIVERS\rspndr.sys
76800 bytes
Created:  14.07.2009 01:08
Modified: 14.07.2009 01:08
Company:  Microsoft Corporation
----------
Key:      s3cap
ImagePath: \SystemRoot\system32\drivers\vms3cap.sys
C:\windows\System32\drivers\vms3cap.sys
6656 bytes
Created:  21.11.2010 08:00
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created:  02.10.2012 11:47
Modified: 17.11.2011 07:33
Company:  Microsoft Corporation
----------
Key:      sbp2port
ImagePath: \SystemRoot\system32\drivers\sbp2port.sys
C:\windows\System32\drivers\sbp2port.sys
103808 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      scfilter
ImagePath: System32\DRIVERS\scfilter.sys
C:\windows\System32\DRIVERS\scfilter.sys
29696 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      sdbus
ImagePath: system32\DRIVERS\sdbus.sys
C:\windows\System32\DRIVERS\sdbus.sys
109056 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\windows\System32\drivers\serenum.sys
23552 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\windows\System32\drivers\serial.sys
94208 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      sermouse
ImagePath: \SystemRoot\system32\drivers\sermouse.sys
C:\windows\System32\drivers\sermouse.sys
26624 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 01:00
Company:  Microsoft Corporation
----------
Key:      sffdisk
ImagePath: \SystemRoot\system32\drivers\sffdisk.sys
C:\windows\System32\drivers\sffdisk.sys
14336 bytes
Created:  14.07.2009 01:01
Modified: 14.07.2009 01:01
Company:  Microsoft Corporation
----------
Key:      sffp_mmc
ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys
C:\windows\System32\drivers\sffp_mmc.sys
13824 bytes
Created:  14.07.2009 01:01
Modified: 14.07.2009 01:01
Company:  Microsoft Corporation
----------
Key:      sffp_sd
ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys
C:\windows\System32\drivers\sffp_sd.sys
14336 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      sfloppy
ImagePath: \SystemRoot\system32\drivers\sfloppy.sys
C:\windows\System32\drivers\sfloppy.sys
16896 bytes
Created:  14.07.2009 01:01
Modified: 14.07.2009 01:01
Company:  Microsoft Corporation
----------
Key:      SiSRaid2
ImagePath: \SystemRoot\system32\drivers\SiSRaid2.sys
C:\windows\System32\drivers\SiSRaid2.sys
43584 bytes
Created:  10.06.2009 21:37
Modified: 14.07.2009 02:45
Company:  Silicon Integrated Systems Corp.
----------
Key:      SiSRaid4
ImagePath: \SystemRoot\system32\drivers\sisraid4.sys
C:\windows\System32\drivers\sisraid4.sys
80464 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:45
Company:  Silicon Integrated Systems
----------
Key:      Smb
ImagePath: system32\DRIVERS\smb.sys
C:\windows\System32\DRIVERS\smb.sys
93184 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 01:09
Company:  Microsoft Corporation
----------
Key:      SNMPTRAP
ImagePath: %SystemRoot%\System32\snmptrap.exe
C:\windows\System32\snmptrap.exe
14336 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      Spooler
ImagePath: %SystemRoot%\System32\spoolsv.exe
C:\windows\System32\spoolsv.exe
559104 bytes
Created:  02.10.2012 11:47
Modified: 11.02.2012 07:36
Company:  Microsoft Corporation
----------
Key:      sppsvc
ImagePath: %SystemRoot%\system32\sppsvc.exe
C:\windows\System32\sppsvc.exe
3524608 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      srv
ImagePath: System32\DRIVERS\srv.sys
C:\windows\System32\DRIVERS\srv.sys
467456 bytes
Created:  21.09.2011 12:23
Modified: 29.04.2011 04:06
Company:  Microsoft Corporation
----------
Key:      srv2
ImagePath: System32\DRIVERS\srv2.sys
C:\windows\System32\DRIVERS\srv2.sys
410112 bytes
Created:  21.09.2011 12:23
Modified: 29.04.2011 04:05
Company:  Microsoft Corporation
----------
Key:      srvnet
ImagePath: System32\DRIVERS\srvnet.sys
C:\windows\System32\DRIVERS\srvnet.sys
168448 bytes
Created:  21.09.2011 12:23
Modified: 29.04.2011 04:05
Company:  Microsoft Corporation
----------
Key:      Steam Client Service
ImagePath: C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
541608 bytes
Created:  11.10.2012 13:03
Modified: 22.01.2013 18:31
Company:  Valve Corporation
----------
Key:      stexstor
ImagePath: \SystemRoot\system32\drivers\stexstor.sys
C:\windows\System32\drivers\stexstor.sys
24656 bytes
Created:  13.07.2009 22:59
Modified: 14.07.2009 02:45
Company:  Promise Technology
----------
Key:      storflt
ImagePath: system32\drivers\vmstorfl.sys
C:\windows\System32\drivers\vmstorfl.sys
46464 bytes
Created:  21.11.2010 08:00
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      storvsc
ImagePath: \SystemRoot\system32\drivers\storvsc.sys
C:\windows\System32\drivers\storvsc.sys
34688 bytes
Created:  21.11.2010 08:00
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      swenum
ImagePath: \SystemRoot\system32\drivers\swenum.sys
C:\windows\System32\drivers\swenum.sys
12496 bytes
Created:  14.07.2009 01:00
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      Tcpip
ImagePath: System32\drivers\tcpip.sys
C:\windows\System32\drivers\tcpip.sys
1914248 bytes
Created:  16.11.2012 18:07
Modified: 03.10.2012 18:56
Company:  Microsoft Corporation
----------
Key:      TCPIP6
ImagePath: system32\DRIVERS\tcpip.sys
C:\windows\System32\DRIVERS\tcpip.sys
1914248 bytes
Created:  16.11.2012 18:07
Modified: 03.10.2012 18:56
Company:  Microsoft Corporation
----------
Key:      tcpipreg
ImagePath: System32\drivers\tcpipreg.sys
C:\windows\System32\drivers\tcpipreg.sys
45568 bytes
Created:  16.11.2012 18:07
Modified: 03.10.2012 17:07
Company:  Microsoft Corporation
----------
Key:      tdcmdpst
ImagePath: system32\DRIVERS\tdcmdpst.sys
C:\windows\System32\DRIVERS\tdcmdpst.sys
27784 bytes
Created:  30.07.2009 18:22
Modified: 30.07.2009 18:22
Company:  TOSHIBA Corporation.
----------
Key:      TDPIPE
ImagePath: system32\drivers\tdpipe.sys
C:\windows\System32\drivers\tdpipe.sys
15872 bytes
Created:  14.07.2009 01:16
Modified: 14.07.2009 01:16
Company:  Microsoft Corporation
----------
Key:      TDTCP
ImagePath: system32\drivers\tdtcp.sys
C:\windows\System32\drivers\tdtcp.sys
23552 bytes
Created:  02.10.2012 11:42
Modified: 17.02.2012 05:57
Company:  Microsoft Corporation
----------
Key:      tdx
ImagePath: system32\DRIVERS\tdx.sys
C:\windows\System32\DRIVERS\tdx.sys
119296 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      TemproMonitoringService
ImagePath: "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
112080 bytes
Created:  10.02.2011 08:25
Modified: 10.02.2011 08:25
Company:  Toshiba Europe GmbH
----------
Key:      TermDD
ImagePath: \SystemRoot\system32\drivers\termdd.sys
C:\windows\System32\drivers\termdd.sys
63360 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      Thpdrv
ImagePath: system32\DRIVERS\thpdrv.sys
C:\windows\System32\DRIVERS\thpdrv.sys
34880 bytes
Created:  29.06.2009 09:25
Modified: 29.06.2009 09:25
Company:  TOSHIBA Corporation
----------
Key:      Thpevm
ImagePath: system32\drivers\Thpevm.SYS
C:\windows\System32\drivers\Thpevm.SYS
14784 bytes
Created:  29.06.2009 15:16
Modified: 29.06.2009 15:16
Company:  TOSHIBA Corporation
----------
Key:      Thpsrv
ImagePath: C:\windows\system32\ThpSrv.exe
C:\windows\System32\ThpSrv.exe
526848 bytes
Created:  24.12.2010 19:14
Modified: 24.12.2010 19:14
Company:  TOSHIBA Corporation
----------
Key:      TIEHDUSB
ImagePath: system32\DRIVERS\tiehdusb.sys
C:\windows\System32\DRIVERS\tiehdusb.sys
128512 bytes
Created:  08.01.2013 18:20
Modified: 03.09.2009 16:30
Company:  Texas Instruments
----------
Key:      TMachInfo
ImagePath: C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
54136 bytes
Created:  05.08.2011 08:37
Modified: 29.11.2010 13:58
Company:  TOSHIBA Corporation
----------
Key:      TODDSrv
ImagePath: C:\windows\system32\TODDSrv.exe
C:\windows\System32\TODDSrv.exe
138656 bytes
Created:  05.08.2011 08:44
Modified: 20.10.2010 12:41
Company:  TOSHIBA Corporation
----------
Key:      TosCoSrv
ImagePath: "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
489384 bytes
Created:  05.11.2010 19:23
Modified: 05.11.2010 19:23
Company:  TOSHIBA Corporation
----------
Key:      TOSHIBA Bluetooth Service
ImagePath: C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
198064 bytes
Created:  01.04.2011 16:42
Modified: 01.04.2011 16:42
Company:  TOSHIBA CORPORATION
----------
Key:      TOSHIBA eco Utility Service
ImagePath: "C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Program Files\TOSHIBA\TECO\TecoService.exe
294328 bytes
Created:  07.04.2011 13:35
Modified: 07.04.2011 13:35
Company:  TOSHIBA Corporation
----------
Key:      TOSHIBA HDD SSD Alert Service
ImagePath: "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
137560 bytes
Created:  05.02.2010 16:44
Modified: 05.02.2010 16:44
Company:  TOSHIBA Corporation
----------
Key:      toshidpt
ImagePath: \SystemRoot\system32\drivers\Toshidpt.sys
C:\windows\System32\drivers\Toshidpt.sys
9608 bytes
Created:  19.06.2009 09:01
Modified: 19.06.2009 09:01
Company:  TOSHIBA Corporation.
----------
Key:      tosporte
ImagePath: \SystemRoot\system32\drivers\tosporte.sys
C:\windows\System32\drivers\tosporte.sys
54664 bytes
Created:  17.06.2009 11:01
Modified: 17.06.2009 11:01
Company:  TOSHIBA Corporation
----------
Key:      tosrfec
ImagePath: \SystemRoot\system32\drivers\tosrfec.sys
C:\windows\System32\drivers\tosrfec.sys
18872 bytes
Created:  18.06.2010 15:45
Modified: 18.06.2010 15:45
Company:  TOSHIBA Corporation
----------
Key:      tos_sps64
ImagePath: system32\DRIVERS\tos_sps64.sys
C:\windows\System32\DRIVERS\tos_sps64.sys
482384 bytes
Created:  05.08.2011 08:43
Modified: 08.05.2010 17:38
Company:  TOSHIBA Corporation
----------
Key:      TPM
ImagePath: system32\drivers\tpm.sys
C:\windows\System32\drivers\tpm.sys
38400 bytes
Created:  14.07.2009 00:21
Modified: 14.07.2009 00:21
Company:  Microsoft Corporation
----------
Key:      TrustedInstaller
ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe
C:\windows\servicing\TrustedInstaller.exe
194048 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      tssecsrv
ImagePath: System32\DRIVERS\tssecsrv.sys
C:\windows\System32\DRIVERS\tssecsrv.sys
39424 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      TsUsbFlt
ImagePath: system32\drivers\tsusbflt.sys
C:\windows\System32\drivers\tsusbflt.sys
59392 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      TsUsbGD
ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys
C:\windows\System32\drivers\TsUsbGD.sys
31232 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      TTPDSrv
ImagePath: C:\windows\System32\TTPDSRV.exe
C:\windows\System32\TTPDSRV.exe
73728 bytes
Created:  05.08.2011 08:31
Modified: 07.11.2007 10:32
Company:  TOSHIBA Corporation
----------
Key:      tunnel
ImagePath: system32\DRIVERS\tunnel.sys
C:\windows\System32\DRIVERS\tunnel.sys
125440 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      TVALZ
ImagePath: system32\drivers\TVALZ.SYS
C:\windows\System32\drivers\TVALZ.SYS
26840 bytes
Created:  14.07.2009 12:25
Modified: 14.07.2009 12:25
Company:  TOSHIBA Corporation
----------
Key:      uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\windows\System32\drivers\uagp35.sys
64080 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      udfs
ImagePath: system32\DRIVERS\udfs.sys
C:\windows\System32\DRIVERS\udfs.sys
328192 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      UI0Detect
ImagePath: %SystemRoot%\system32\UI0Detect.exe
C:\windows\System32\UI0Detect.exe
40960 bytes
Created:  14.07.2009 00:52
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      uliagpkx
ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys
C:\windows\System32\drivers\uliagpkx.sys
64592 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      umbus
ImagePath: system32\DRIVERS\umbus.sys
C:\windows\System32\DRIVERS\umbus.sys
48640 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      UmPass
ImagePath: \SystemRoot\system32\drivers\umpass.sys
C:\windows\System32\drivers\umpass.sys
9728 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2314240 bytes
Created:  05.08.2011 08:19
Modified: 30.09.2009 18:34
Company:  Intel Corporation
----------
Key:      usbccgp
ImagePath: system32\DRIVERS\usbccgp.sys
C:\windows\System32\DRIVERS\usbccgp.sys
98816 bytes
Created:  19.06.2011 16:03
Modified: 25.03.2011 04:29
Company:  Microsoft Corporation
----------
Key:      usbcir
ImagePath: \SystemRoot\system32\drivers\usbcir.sys
C:\windows\System32\drivers\usbcir.sys
100352 bytes
Created:  14.07.2009 01:06
Modified: 14.07.2009 01:06
Company:  Microsoft Corporation
----------
Key:      usbehci
ImagePath: \SystemRoot\system32\drivers\usbehci.sys
C:\windows\System32\drivers\usbehci.sys
52736 bytes
Created:  19.06.2011 16:03
Modified: 25.03.2011 04:29
Company:  Microsoft Corporation
----------
Key:      usbhub
ImagePath: \SystemRoot\system32\drivers\usbhub.sys
C:\windows\System32\drivers\usbhub.sys
343040 bytes
Created:  19.06.2011 16:03
Modified: 25.03.2011 04:29
Company:  Microsoft Corporation
----------
Key:      usbohci
ImagePath: \SystemRoot\system32\drivers\usbohci.sys
C:\windows\System32\drivers\usbohci.sys
25600 bytes
Created:  19.06.2011 16:03
Modified: 25.03.2011 04:29
Company:  Microsoft Corporation
----------
Key:      usbprint
ImagePath: system32\DRIVERS\usbprint.sys
C:\windows\System32\DRIVERS\usbprint.sys
25088 bytes
Created:  14.07.2009 01:38
Modified: 14.07.2009 01:38
Company:  Microsoft Corporation
----------
Key:      usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\windows\System32\DRIVERS\usbscan.sys
41984 bytes
Created:  14.07.2009 01:35
Modified: 14.07.2009 01:35
Company:  Microsoft Corporation
----------
Key:      USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\windows\System32\DRIVERS\USBSTOR.SYS
91648 bytes
Created:  19.06.2011 15:54
Modified: 11.03.2011 05:37
Company:  Microsoft Corporation
----------
Key:      usbuhci
ImagePath: \SystemRoot\system32\drivers\usbuhci.sys
C:\windows\System32\drivers\usbuhci.sys
30720 bytes
Created:  19.06.2011 16:03
Modified: 25.03.2011 04:29
Company:  Microsoft Corporation
----------
Key:      usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\windows\System32\Drivers\usbvideo.sys
184960 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      VaultSvc
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created:  02.10.2012 11:47
Modified: 17.11.2011 07:33
Company:  Microsoft Corporation
----------
Key:      vdrvroot
ImagePath: system32\drivers\vdrvroot.sys
C:\windows\System32\drivers\vdrvroot.sys
36432 bytes
Created:  14.07.2009 01:01
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      vds
ImagePath: %SystemRoot%\System32\vds.exe
C:\windows\System32\vds.exe
533504 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      vga
ImagePath: system32\DRIVERS\vgapnp.sys
C:\windows\System32\DRIVERS\vgapnp.sys
29184 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 00:38
Company:  Microsoft Corporation
----------
Key:      VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\windows\System32\drivers\vga.sys
29184 bytes
Created:  14.07.2009 00:38
Modified: 14.07.2009 00:38
Company:  Microsoft Corporation
----------
Key:      vhdmp
ImagePath: \SystemRoot\system32\drivers\vhdmp.sys
C:\windows\System32\drivers\vhdmp.sys
215936 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\windows\System32\drivers\viaide.sys
17488 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:45
Company:  VIA Technologies, Inc.
----------
Key:      Virtual Router
ImagePath: "C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe"
C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
12288 bytes
Created:  18.11.2009 13:40
Modified: 18.11.2009 13:40
Company:  Chris Pietschmann (hxxp://pietschsoft.com)
----------
Key:      vmbus
ImagePath: \SystemRoot\system32\drivers\vmbus.sys
C:\windows\System32\drivers\vmbus.sys
199552 bytes
Created:  21.11.2010 08:00
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      VMBusHID
ImagePath: \SystemRoot\system32\drivers\VMBusHID.sys
C:\windows\System32\drivers\VMBusHID.sys
21760 bytes
Created:  21.11.2010 08:00
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      volmgr
ImagePath: system32\drivers\volmgr.sys
C:\windows\System32\drivers\volmgr.sys
71552 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      volmgrx
ImagePath: System32\drivers\volmgrx.sys
C:\windows\System32\drivers\volmgrx.sys
363392 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      volsnap
ImagePath: system32\drivers\volsnap.sys
C:\windows\System32\drivers\volsnap.sys
296320 bytes
Created:  19.06.2011 15:59
Modified: 25.02.2011 07:25
Company:  Microsoft Corporation
----------
Key:      vsmraid
ImagePath: \SystemRoot\system32\drivers\vsmraid.sys
C:\windows\System32\drivers\vsmraid.sys
161872 bytes
Created:  10.06.2009 21:37
Modified: 14.07.2009 02:45
Company:  VIA Technologies Inc.,Ltd
----------
Key:      VSS
ImagePath: %systemroot%\system32\vssvc.exe
C:\windows\System32\vssvc.exe
1600512 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      vwifibus
ImagePath: system32\DRIVERS\vwifibus.sys
C:\windows\System32\DRIVERS\vwifibus.sys
24576 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 01:07
Company:  Microsoft Corporation
----------
Key:      vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\windows\System32\DRIVERS\vwififlt.sys
59904 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 01:07
Company:  Microsoft Corporation
----------
Key:      vwifimp
ImagePath: system32\DRIVERS\vwifimp.sys
C:\windows\System32\DRIVERS\vwifimp.sys
17920 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 01:07
Company:  Microsoft Corporation
----------
Key:      WacomPen
ImagePath: \SystemRoot\system32\drivers\wacompen.sys
C:\windows\System32\drivers\wacompen.sys
27776 bytes
Created:  14.07.2009 01:02
Modified: 14.07.2009 01:02
Company:  Microsoft Corporation
----------
Key:      WANARP
ImagePath: system32\DRIVERS\wanarp.sys
C:\windows\System32\DRIVERS\wanarp.sys
88576 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      Wanarpv6
ImagePath: system32\DRIVERS\wanarp.sys
C:\windows\System32\DRIVERS\wanarp.sys
88576 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
----------
Key:      wbengine
ImagePath: "%systemroot%\system32\wbengine.exe"
C:\windows\System32\wbengine.exe
1504256 bytes
Created:  21.11.2010 04:25
Modified: 21.11.2010 04:25
Company:  Microsoft Corporation
----------
Key:      Wd
ImagePath: \SystemRoot\system32\drivers\wd.sys
C:\windows\System32\drivers\wd.sys
21056 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      Wdf01000
ImagePath: system32\drivers\Wdf01000.sys
C:\windows\System32\drivers\Wdf01000.sys
785512 bytes
Created:  17.11.2012 00:24
Modified: 26.07.2012 05:55
Company:  Microsoft Corporation
----------
Key:      WfpLwf
ImagePath: system32\DRIVERS\wfplwf.sys
C:\windows\System32\DRIVERS\wfplwf.sys
12800 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 01:09
Company:  Microsoft Corporation
----------
Key:      WIMMount
ImagePath: system32\drivers\wimmount.sys
C:\windows\System32\drivers\wimmount.sys
22096 bytes
Created:  14.07.2009 00:29
Modified: 14.07.2009 02:45
Company:  Microsoft Corporation
----------
Key:      WinUsb
ImagePath: system32\DRIVERS\WinUSB.sys
C:\windows\System32\DRIVERS\WinUSB.sys
41984 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
----------
Key:      wlcrasvc
ImagePath: "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
57184 bytes
Created:  22.09.2010 17:10
Modified: 22.09.2010 17:10
Company:  Microsoft Corporation
----------
Key:      wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2286976 bytes
Created:  21.09.2010 13:49
Modified: 21.09.2010 13:49
Company:  Microsoft Corp.
----------
Key:      WmiAcpi
ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys
C:\windows\System32\drivers\wmiacpi.sys
14336 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 00:31
Company:  Microsoft Corporation
----------
Key:      wmiApSrv
ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe
C:\windows\System32\wbem\WmiApSrv.exe
203264 bytes
Created:  14.07.2009 00:47
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
----------
Key:      WMPNetworkSvc
ImagePath: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created:  21.11.2010 04:25
Modified: 21.11.2010 04:25
Company:  Microsoft Corporation
----------
Key:      ws2ifsl
ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys
C:\windows\System32\drivers\ws2ifsl.sys
21504 bytes
Created:  14.07.2009 01:10
Modified: 14.07.2009 01:10
Company:  Microsoft Corporation
----------
Key:      WSearch
ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding
C:\windows\System32\SearchIndexer.exe
591872 bytes
Created:  21.09.2011 12:29
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
----------
Key:      WudfPf
ImagePath: system32\drivers\WudfPf.sys
C:\windows\System32\drivers\WudfPf.sys
87040 bytes
Created:  17.11.2012 00:18
Modified: 26.07.2012 03:26
Company:  Microsoft Corporation
----------
Key:      WUDFRd
ImagePath: system32\DRIVERS\WUDFRd.sys
C:\windows\System32\DRIVERS\WUDFRd.sys
198656 bytes
Created:  17.11.2012 00:18
Modified: 26.07.2012 03:26
Company:  Microsoft Corporation
----------
Key:      xusb21
ImagePath: system32\DRIVERS\xusb21.sys
C:\windows\System32\DRIVERS\xusb21.sys
73984 bytes
Created:  13.08.2009 21:10
Modified: 13.08.2009 21:10
Company:  Microsoft Corporation
----------

************************************************************
20:00:45: Scanning -----VXD ENTRIES-----

************************************************************
20:00:46: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]

************************************************************
20:00:46: Scanning ----- CONTEXTMENUHANDLERS -----
Key:  AVG Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path:  C:\Program Files (x86)\AVG\AVG2012\avgsea.dll
C:\Program Files (x86)\AVG\AVG2012\avgsea.dll
214880 bytes
Created:  14.02.2012 03:53
Modified: 14.02.2012 03:53
Company:  AVG Technologies CZ, s.r.o.
----------
Key:  DaemonShellExtImage
CLSID: {40966797-8FFE-46C8-9EF8-7003F33CCF0F}
Path:  C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll
C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll
713536 bytes
Created:  26.04.2012 13:32
Modified: 26.04.2012 13:32
Company:  DT Soft Ltd
----------
Key:  DropboxExt
CLSID: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
File:  [CLSID does not appear to reference a file]
----------
Key:  Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path:  C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
2290464 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:41
Company:  Avira Operations GmbH & Co. KG
----------
Key:  TFPUContextMenu
CLSID: {2E34EBB9-C147-4DF4-938F-90C5B0837B1E}
Path:  C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll
C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll
136624 bytes
Created:  02.03.2010 09:24
Modified: 02.03.2010 09:24
Company:  TOSHIBA
----------
Key:  tosBtShllExt
CLSID: {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}
Path:  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll
621968 bytes
Created:  30.07.2010 08:46
Modified: 30.07.2010 08:46
Company:  TOSHIBA
----------
Key:  XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path:  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
6670496 bytes
Created:  16.08.2012 05:51
Modified: 16.08.2012 05:51
Company:  Microsoft Corporation
----------
Key:  {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
Path:  C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll
861480 bytes
Created:  07.01.2011 17:48
Modified: 07.01.2011 17:48
Company:  Nero AG
----------
Key:  {F764812A-132C-4013-9960-5CBBEB408A0E}
Path:  C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll
C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll
914728 bytes
Created:  18.01.2011 13:49
Modified: 18.01.2011 13:49
Company:  Nero AG
----------

************************************************************
20:00:48: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
394136 bytes
Created:  05.09.2011 18:04
Modified: 05.09.2011 18:04
Company:  Adobe Systems, Inc.
----------

************************************************************
20:00:48: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
BHO: C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
617880 bytes
Created:  18.12.2012 13:37
Modified: 18.12.2012 13:37
Company:  Conduit Ltd.
----------
Key: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9}
BHO: C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
45488 bytes
Created:  02.03.2010 09:24
Modified: 02.03.2010 09:24
Company:  TODO: <Company name>
----------
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
63912 bytes
Created:  05.09.2011 18:04
Modified: 05.09.2011 18:04
Company:  Adobe Systems Incorporated
----------
Key: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
BHO: C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
1393272 bytes
Created:  13.08.2012 02:24
Modified: 13.08.2012 02:24
Company:  AVG Technologies CZ, s.r.o.
----------
Key: {336D0C35-8A85-403a-B9D2-65C292C39087}
BHO: C:\Program Files\IB Updater\Extension64.dll
C:\Program Files\IB Updater\Extension64.dll
215896 bytes
Created:  24.12.2012 11:37
Modified: 26.11.2012 14:39
Company: 
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
1968248 bytes
Created:  24.06.2012 03:12
Modified: 24.06.2012 03:12
Company:  AVG Technologies CZ, s.r.o.
----------
Key: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
BHO: C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
261632 bytes
Created:  21.01.2012 23:18
Modified: 21.01.2012 23:18
Company:  Montera Technologeis LTD
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
529280 bytes
Created:  21.09.2010 13:54
Modified: 21.09.2010 13:54
Company:  Microsoft Corp.
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
689040 bytes
Created:  21.12.2010 02:49
Modified: 21.12.2010 02:49
Company:  Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
42272 bytes
Created:  27.09.2011 09:43
Modified: 27.09.2011 09:43
Company:  Sun Microsystems, Inc.
----------

************************************************************
20:00:51: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
20:00:51: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
20:00:51: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
20:00:51: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
20:00:51: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
20:00:51: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  14.07.2009 05:54
Modified: 14.07.2009 05:54
Company:  [no info]
--------------------
Toshiba Places Icon Utility.lnk - links to C:\PROGRA~1\TOSHIBA\TOSHIB~2\TOSDIM~1.EXE
C:\PROGRA~1\TOSHIBA\TOSHIB~2\TOSDIM~1.EXE
1470848 bytes
Created:  19.06.2011 16:28
Modified: 21.04.2011 09:56
Company:  Toshiba
--------------------
Virtual Router Manager.lnk - links to C:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe
C:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe
-R- 22486 bytes
Created:  24.12.2012 12:03
Modified: 24.12.2012 12:03
Company:  [no info]
--------------------

************************************************************
20:00:52: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Schüler
[C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  02.10.2012 11:29
Modified: 02.10.2012 12:49
Company:  [no info]
----------
Dropbox.lnk - links to C:\Users\SCHLER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\SCHLER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe
28539272 bytes
Created:  20.01.2013 03:09
Modified: 20.01.2013 03:09
Company:  Dropbox, Inc.
----------
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE
227712 bytes
Created:  21.12.2010 00:07
Modified: 21.12.2010 00:07
Company:  Microsoft Corporation
----------
--------------------
Checking Startup Group for: setup
[C:\Users\setup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\setup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  21.09.2011 10:28
Modified: 21.09.2011 10:29
Company:  [no info]
----------
--------------------

************************************************************
20:00:54: Scanning ----- SCHEDULED TASKS -----
Taskname:      {7FD22F7F-AD60-4913-B5FB-FE0D3661DF57}
----------
Taskname:      {F71A21B9-FA0F-4E39-ACDD-D231B339F1B9}
File:          C:\Users\Schüler\Desktop\tinotefoliocreator.exe
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
C:\Users\Schüler\Desktop\tinotefoliocreator.exe - [file not found to scan]
----------
Taskname:      {F8DAA56D-F9A7-47B0-8DDB-F557C84204DF}
----------
Taskname:      ConfigFree Startup Programs
File:          C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
304560 bytes
Created:  03.12.2010 13:57
Modified: 03.12.2010 13:57
Company:  TOSHIBA CORPORATION
Schedule:      At logon
Next Run Time:
Status:        Running
Creator:      TOSHIBA Corporation
Comments:      This task runs ConfigFree SW programs. Please do not delete this task.
----------
Taskname:      CreateChoiceProcessTask
File:          C:\windows\Sysnative\browserchoice.exe
C:\windows\System32\browserchoice.exe
294912 bytes
Created:  02.10.2012 12:02
Modified: 23.02.2010 09:16
Company:  Microsoft Corporation
Parameters:    /launch
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      BrowserChoice
Comments:     
----------

************************************************************
20:00:55: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key:  Groove Explorer Icon Overlay 1 (GFS Unread Stub)
CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7}
File:  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key:  Groove Explorer Icon Overlay 2 (GFS Stub)
CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
File:  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key:  Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399}
File:  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key:  Groove Explorer Icon Overlay 3 (GFS Folder)
CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619}
File:  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key:  Groove Explorer Icon Overlay 4 (GFS Unread Mark)
CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
File:  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key:  SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File:  %SystemRoot%\system32\ntshrui.dll
C:\windows\System32\ntshrui.dll
509952 bytes
Created:  02.10.2012 11:47
Modified: 04.01.2012 11:44
Company:  Microsoft Corporation
----------

************************************************************
20:00:57: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File:  C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.cvid
File:  iccvid.dll
iccvid.dll - [file not found to scan]
----------
Value: msacm.siren
File:  sirenacm.dll
sirenacm.dll - [file not found to scan]
----------

************************************************************
20:00:58: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Schüler\Pictures\power_wallpaper_black.bmp
C:\Users\Schüler\Pictures\power_wallpaper_black.bmp
4096054 bytes
Created:  11.10.2012 14:45
Modified: 11.10.2012 14:45
Company:  [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed

************************************************************
20:01:11: Scanning ----- RUNNING PROCESSES -----

C:\windows\System32\smss.exe
112640 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
1393784 bytes
Created:  26.07.2012 02:23
Modified: 26.07.2012 02:23
Company:  AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
520032 bytes
Created:  14.02.2012 03:52
Modified: 14.02.2012 03:52
Company:  AVG Technologies CZ, s.r.o.
--------------------
C:\windows\System32\csrss.exe
7680 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\windows\System32\wininit.exe
129024 bytes
Created:  14.07.2009 00:52
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\windows\System32\services.exe
328704 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\windows\System32\lsm.exe
343040 bytes
Created:  21.11.2010 04:23
Modified: 21.11.2010 04:23
Company:  Microsoft Corporation
--------------------
C:\windows\System32\winlogon.exe
390656 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
--------------------
C:\windows\System32\svchost.exe
27648 bytes
Created:  19.06.2011 16:02
Modified: 01.03.2011 09:07
Company:  Microsoft Corporation
--------------------
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
139696 bytes
Created:  09.07.2012 00:40
Modified: 09.07.2012 00:40
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2011768 bytes
Created:  13.06.2012 02:48
Modified: 13.06.2012 02:48
Company:  AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
1607040 bytes
Created:  19.03.2012 04:18
Modified: 19.03.2012 04:18
Company:  AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
247584 bytes
Created:  11.10.2012 14:28
Modified: 11.12.2012 17:37
Company:  Avira Operations GmbH & Co. KG
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
222592 bytes
Created:  21.09.2010 13:49
Modified: 21.09.2010 13:49
Company:  Microsoft Corp.
--------------------
C:\windows\System32\taskhost.exe
68608 bytes
Created:  09.01.2013 23:47
Modified: 23.11.2012 04:13
Company:  Microsoft Corporation
--------------------
C:\windows\System32\dwm.exe
120320 bytes
Created:  14.07.2009 00:37
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
2743104 bytes
Created:  26.04.2012 13:33
Modified: 26.04.2012 13:33
Company:  DT Soft Ltd
--------------------
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
1470848 bytes
Created:  19.06.2011 16:28
Modified: 21.04.2011 09:56
Company:  Toshiba
--------------------
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
227712 bytes
Created:  21.12.2010 00:07
Modified: 21.12.2010 00:07
Company:  Microsoft Corporation
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
66856 bytes
Created:  16.07.2009 14:42
Modified: 16.07.2009 14:42
Company:  Alps Electric Co., Ltd.
--------------------
C:\Program Files\Apoint2K\ApntEx.exe
23552 bytes
Created:  31.01.2009 23:15
Modified: 31.01.2009 23:15
Company:  Alps Electric Co., Ltd.
--------------------
C:\windows\System32\conhost.exe
338432 bytes
Created:  10.01.2013 16:47
Modified: 30.11.2012 04:23
Company:  Microsoft Corporation
--------------------
C:\Program Files\Apoint2K\hidfind.exe
91648 bytes
Created:  31.01.2009 21:43
Modified: 31.01.2009 21:43
Company:  Alps Electric Co., Ltd.
--------------------
C:\windows\System32\igfxext.exe
223768 bytes
Created:  30.01.2011 20:14
Modified: 30.01.2011 20:14
Company:  Intel Corporation
--------------------
C:\windows\System32\igfxsrvc.exe
509976 bytes
Created:  30.01.2011 20:14
Modified: 30.01.2011 20:14
Company:  Intel Corporation
--------------------
C:\windows\System32\SearchIndexer.exe
591872 bytes
Created:  21.09.2011 12:29
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\windows\System32\taskeng.exe
464384 bytes
Created:  21.11.2010 04:24
Modified: 21.11.2010 04:24
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
80840 bytes
Created:  01.04.2011 16:42
Modified: 01.04.2011 16:42
Company:  TOSHIBA CORPORATION
--------------------
C:\Windows\splwow64.exe
67072 bytes
Created:  02.10.2012 11:47
Modified: 11.02.2012 07:36
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
593032 bytes
Created:  31.10.2012 13:24
Modified: 04.08.2011 14:44
Company:  CANON INC.
--------------------
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
62848 bytes
Created:  28.07.2009 19:26
Modified: 28.07.2009 19:26
Company:  TOSHIBA CORPORATION
--------------------
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
1147224 bytes
Created:  05.02.2010 16:44
Modified: 05.02.2010 16:44
Company:  TOSHIBA Corporation
--------------------
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
541608 bytes
Created:  11.10.2012 13:03
Modified: 22.01.2013 18:31
Company:  Valve Corporation
--------------------
C:\Program Files\Opera x64\opera.exe
940008 bytes
Created:  09.10.2012 14:47
Modified: 10.01.2013 16:40
Company:  Opera Software
--------------------
C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe
28539272 bytes
Created:  20.01.2013 03:09
Modified: 20.01.2013 03:09
Company:  Dropbox, Inc.
--------------------
C:\windows\System32\WUDFHost.exe
229888 bytes
Created:  17.11.2012 00:18
Modified: 26.07.2012 04:08
Company:  Microsoft Corporation
--------------------
C:\windows\System32\SearchProtocolHost.exe
249856 bytes
Created:  21.09.2011 12:29
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize:          4766968
[This is a Trojan Remover component]
--------------------
--------------------
C:\windows\System32\SearchFilterHost.exe
113664 bytes
Created:  21.09.2011 12:29
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------

************************************************************
20:01:20: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://toshiba.msn.com

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:01:20 22 Jan 2013
Total Scan time: 00:02:58
************************************************************

momo2408 23.01.2013 18:40
Nummer 2:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013  19:41


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Schüler
Computername  : STMO24

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890          Bytes  05.12.2012 17:11:00
AVSCAN.EXE    : 13.6.0.402    639264 Bytes  11.12.2012 16:37:20
AVSCANRC.DLL  : 13.4.0.360    64800 Bytes  11.12.2012 16:37:21
LUKE.DLL      : 13.6.0.400    67360 Bytes  11.12.2012 16:40:34
AVSCPLR.DLL    : 13.6.0.402    93984 Bytes  11.12.2012 16:42:26
AVREG.DLL      : 13.6.0.406    248096 Bytes  11.12.2012 16:42:23
avlode.dll    : 13.6.1.402    428832 Bytes  11.12.2012 16:42:32
avlode.rdf    : 13.0.0.26      7958 Bytes  11.12.2012 16:42:26
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 16:50:34
VBASE008.VDF  : 7.11.55.142  2214912 Bytes  03.01.2013 15:03:50
VBASE009.VDF  : 7.11.55.143    2048 Bytes  03.01.2013 15:03:51
VBASE010.VDF  : 7.11.55.144    2048 Bytes  03.01.2013 15:03:51
VBASE011.VDF  : 7.11.55.145    2048 Bytes  03.01.2013 15:03:51
VBASE012.VDF  : 7.11.55.146    2048 Bytes  03.01.2013 15:03:51
VBASE013.VDF  : 7.11.55.196  260096 Bytes  04.01.2013 15:03:59
VBASE014.VDF  : 7.11.56.23    206848 Bytes  07.01.2013 15:36:36
VBASE015.VDF  : 7.11.56.83    186880 Bytes  08.01.2013 22:02:41
VBASE016.VDF  : 7.11.56.145  135168 Bytes  09.01.2013 22:02:47
VBASE017.VDF  : 7.11.56.211  139776 Bytes  11.01.2013 13:07:19
VBASE018.VDF  : 7.11.57.11    153088 Bytes  13.01.2013 15:33:00
VBASE019.VDF  : 7.11.57.75    165888 Bytes  15.01.2013 14:45:11
VBASE020.VDF  : 7.11.57.163  190976 Bytes  17.01.2013 16:46:49
VBASE021.VDF  : 7.11.57.219  119808 Bytes  18.01.2013 16:46:54
VBASE022.VDF  : 7.11.58.7    167936 Bytes  21.01.2013 16:47:03
VBASE023.VDF  : 7.11.58.49    140288 Bytes  22.01.2013 17:34:53
VBASE024.VDF  : 7.11.58.50      2048 Bytes  22.01.2013 17:34:53
VBASE025.VDF  : 7.11.58.51      2048 Bytes  22.01.2013 17:34:53
VBASE026.VDF  : 7.11.58.52      2048 Bytes  22.01.2013 17:34:53
VBASE027.VDF  : 7.11.58.53      2048 Bytes  22.01.2013 17:34:53
VBASE028.VDF  : 7.11.58.54      2048 Bytes  22.01.2013 17:34:53
VBASE029.VDF  : 7.11.58.55      2048 Bytes  22.01.2013 17:34:53
VBASE030.VDF  : 7.11.58.56      2048 Bytes  22.01.2013 17:34:53
VBASE031.VDF  : 7.11.58.62    22528 Bytes  22.01.2013 17:34:54
Engineversion  : 8.2.10.236
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL  : 8.1.4.82      467323 Bytes  21.01.2013 16:48:11
AESCN.DLL      : 8.1.10.0      131445 Bytes  18.12.2012 19:37:03
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 15:43:41
AEPACK.DLL    : 8.3.1.2      819574 Bytes  21.12.2012 13:24:52
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  05.11.2012 15:53:18
AEHEUR.DLL    : 8.1.4.180    5665144 Bytes  21.01.2013 16:48:07
AEHELP.DLL    : 8.1.25.2      258423 Bytes  11.10.2012 13:29:14
AEGEN.DLL      : 8.1.6.14      434548 Bytes  10.01.2013 15:41:56
AEEXP.DLL      : 8.3.0.12      188789 Bytes  21.01.2013 16:48:14
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 13:42:55
AECORE.DLL    : 8.1.30.0      201079 Bytes  18.12.2012 19:36:44
AEBB.DLL      : 8.1.1.4        53619 Bytes  05.11.2012 15:52:07
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL    : 13.4.0.360    50464 Bytes  11.12.2012 16:37:10
AVREP.DLL      : 13.4.0.360    177952 Bytes  11.12.2012 16:42:24
AVARKT.DLL    : 13.6.0.402    260384 Bytes  11.12.2012 16:36:25
AVEVTLOG.DLL  : 13.6.0.400    167200 Bytes  11.12.2012 16:36:58
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 17:08:54
NETNT.DLL      : 13.4.0.360    15648 Bytes  11.12.2012 16:40:35
RCIMAGE.DLL    : 13.4.0.360  4780832 Bytes  11.12.2012 16:34:58
RCTEXT.DLL    : 13.4.0.360    68384 Bytes  11.12.2012 16:34:58

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\SCHLER~1\AppData\Local\Temp\a15d1261.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: E:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 22. Januar 2013  19:41

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'E:\' <HTC STORAGE>
E:\download\Battery_Upgrade--Tap_to_Start__lbtec26c3ca-8289-4d0c-ad5e-d264424f7956lbt.apk
    [0] Archivtyp: ZIP
    --> classes.dex
        [FUND]      Enthält Code des ANDROID/FakeDoc.A.7-Virus
        [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden

Beginne mit der Desinfektion:
E:\download\Battery_Upgrade--Tap_to_Start__lbtec26c3ca-8289-4d0c-ad5e-d264424f7956lbt.apk
  [FUND]      Enthält Code des ANDROID/FakeDoc.A.7-Virus
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 57cc7dfd.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.


Ende des Suchlaufs: Dienstag, 22. Januar 2013  19:43
Benötigte Zeit: 01:54 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

    357 Verzeichnisse wurden überprüft
  10138 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      1 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  10137 Dateien ohne Befall
    540 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
Nummer 3:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013  19:44


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Schüler
Computername  : STMO24

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890          Bytes  05.12.2012 17:11:00
AVSCAN.EXE    : 13.6.0.402    639264 Bytes  11.12.2012 16:37:20
AVSCANRC.DLL  : 13.4.0.360    64800 Bytes  11.12.2012 16:37:21
LUKE.DLL      : 13.6.0.400    67360 Bytes  11.12.2012 16:40:34
AVSCPLR.DLL    : 13.6.0.402    93984 Bytes  11.12.2012 16:42:26
AVREG.DLL      : 13.6.0.406    248096 Bytes  11.12.2012 16:42:23
avlode.dll    : 13.6.1.402    428832 Bytes  11.12.2012 16:42:32
avlode.rdf    : 13.0.0.26      7958 Bytes  11.12.2012 16:42:26
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 16:50:34
VBASE008.VDF  : 7.11.55.142  2214912 Bytes  03.01.2013 15:03:50
VBASE009.VDF  : 7.11.55.143    2048 Bytes  03.01.2013 15:03:51
VBASE010.VDF  : 7.11.55.144    2048 Bytes  03.01.2013 15:03:51
VBASE011.VDF  : 7.11.55.145    2048 Bytes  03.01.2013 15:03:51
VBASE012.VDF  : 7.11.55.146    2048 Bytes  03.01.2013 15:03:51
VBASE013.VDF  : 7.11.55.196  260096 Bytes  04.01.2013 15:03:59
VBASE014.VDF  : 7.11.56.23    206848 Bytes  07.01.2013 15:36:36
VBASE015.VDF  : 7.11.56.83    186880 Bytes  08.01.2013 22:02:41
VBASE016.VDF  : 7.11.56.145  135168 Bytes  09.01.2013 22:02:47
VBASE017.VDF  : 7.11.56.211  139776 Bytes  11.01.2013 13:07:19
VBASE018.VDF  : 7.11.57.11    153088 Bytes  13.01.2013 15:33:00
VBASE019.VDF  : 7.11.57.75    165888 Bytes  15.01.2013 14:45:11
VBASE020.VDF  : 7.11.57.163  190976 Bytes  17.01.2013 16:46:49
VBASE021.VDF  : 7.11.57.219  119808 Bytes  18.01.2013 16:46:54
VBASE022.VDF  : 7.11.58.7    167936 Bytes  21.01.2013 16:47:03
VBASE023.VDF  : 7.11.58.49    140288 Bytes  22.01.2013 17:34:53
VBASE024.VDF  : 7.11.58.50      2048 Bytes  22.01.2013 17:34:53
VBASE025.VDF  : 7.11.58.51      2048 Bytes  22.01.2013 17:34:53
VBASE026.VDF  : 7.11.58.52      2048 Bytes  22.01.2013 17:34:53
VBASE027.VDF  : 7.11.58.53      2048 Bytes  22.01.2013 17:34:53
VBASE028.VDF  : 7.11.58.54      2048 Bytes  22.01.2013 17:34:53
VBASE029.VDF  : 7.11.58.55      2048 Bytes  22.01.2013 17:34:53
VBASE030.VDF  : 7.11.58.56      2048 Bytes  22.01.2013 17:34:53
VBASE031.VDF  : 7.11.58.62    22528 Bytes  22.01.2013 17:34:54
Engineversion  : 8.2.10.236
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL  : 8.1.4.82      467323 Bytes  21.01.2013 16:48:11
AESCN.DLL      : 8.1.10.0      131445 Bytes  18.12.2012 19:37:03
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 15:43:41
AEPACK.DLL    : 8.3.1.2      819574 Bytes  21.12.2012 13:24:52
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  05.11.2012 15:53:18
AEHEUR.DLL    : 8.1.4.180    5665144 Bytes  21.01.2013 16:48:07
AEHELP.DLL    : 8.1.25.2      258423 Bytes  11.10.2012 13:29:14
AEGEN.DLL      : 8.1.6.14      434548 Bytes  10.01.2013 15:41:56
AEEXP.DLL      : 8.3.0.12      188789 Bytes  21.01.2013 16:48:14
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 13:42:55
AECORE.DLL    : 8.1.30.0      201079 Bytes  18.12.2012 19:36:44
AEBB.DLL      : 8.1.1.4        53619 Bytes  05.11.2012 15:52:07
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL    : 13.4.0.360    50464 Bytes  11.12.2012 16:37:10
AVREP.DLL      : 13.4.0.360    177952 Bytes  11.12.2012 16:42:24
AVARKT.DLL    : 13.6.0.402    260384 Bytes  11.12.2012 16:36:25
AVEVTLOG.DLL  : 13.6.0.400    167200 Bytes  11.12.2012 16:36:58
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 17:08:54
NETNT.DLL      : 13.4.0.360    15648 Bytes  11.12.2012 16:40:35
RCIMAGE.DLL    : 13.4.0.360  4780832 Bytes  11.12.2012 16:34:58
RCTEXT.DLL    : 13.4.0.360    68384 Bytes  11.12.2012 16:34:58

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\SCHLER~1\AppData\Local\Temp\a5c0b045.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: E:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 22. Januar 2013  19:44

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'E:\' <HTC STORAGE>


Ende des Suchlaufs: Dienstag, 22. Januar 2013  19:47
Benötigte Zeit: 02:28 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

    512 Verzeichnisse wurden überprüft
  14127 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  14127 Dateien ohne Befall
    543 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
Nummer 4:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013  19:47


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Schüler
Computername  : STMO24

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890          Bytes  05.12.2012 17:11:00
AVSCAN.EXE    : 13.6.0.402    639264 Bytes  11.12.2012 16:37:20
AVSCANRC.DLL  : 13.4.0.360    64800 Bytes  11.12.2012 16:37:21
LUKE.DLL      : 13.6.0.400    67360 Bytes  11.12.2012 16:40:34
AVSCPLR.DLL    : 13.6.0.402    93984 Bytes  11.12.2012 16:42:26
AVREG.DLL      : 13.6.0.406    248096 Bytes  11.12.2012 16:42:23
avlode.dll    : 13.6.1.402    428832 Bytes  11.12.2012 16:42:32
avlode.rdf    : 13.0.0.26      7958 Bytes  11.12.2012 16:42:26
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF  : 7.11.50.230  3904512 Bytes  22.11.2012 16:50:34
VBASE008.VDF  : 7.11.55.142  2214912 Bytes  03.01.2013 15:03:50
VBASE009.VDF  : 7.11.55.143    2048 Bytes  03.01.2013 15:03:51
VBASE010.VDF  : 7.11.55.144    2048 Bytes  03.01.2013 15:03:51
VBASE011.VDF  : 7.11.55.145    2048 Bytes  03.01.2013 15:03:51
VBASE012.VDF  : 7.11.55.146    2048 Bytes  03.01.2013 15:03:51
VBASE013.VDF  : 7.11.55.196  260096 Bytes  04.01.2013 15:03:59
VBASE014.VDF  : 7.11.56.23    206848 Bytes  07.01.2013 15:36:36
VBASE015.VDF  : 7.11.56.83    186880 Bytes  08.01.2013 22:02:41
VBASE016.VDF  : 7.11.56.145  135168 Bytes  09.01.2013 22:02:47
VBASE017.VDF  : 7.11.56.211  139776 Bytes  11.01.2013 13:07:19
VBASE018.VDF  : 7.11.57.11    153088 Bytes  13.01.2013 15:33:00
VBASE019.VDF  : 7.11.57.75    165888 Bytes  15.01.2013 14:45:11
VBASE020.VDF  : 7.11.57.163  190976 Bytes  17.01.2013 16:46:49
VBASE021.VDF  : 7.11.57.219  119808 Bytes  18.01.2013 16:46:54
VBASE022.VDF  : 7.11.58.7    167936 Bytes  21.01.2013 16:47:03
VBASE023.VDF  : 7.11.58.49    140288 Bytes  22.01.2013 17:34:53
VBASE024.VDF  : 7.11.58.50      2048 Bytes  22.01.2013 17:34:53
VBASE025.VDF  : 7.11.58.51      2048 Bytes  22.01.2013 17:34:53
VBASE026.VDF  : 7.11.58.52      2048 Bytes  22.01.2013 17:34:53
VBASE027.VDF  : 7.11.58.53      2048 Bytes  22.01.2013 17:34:53
VBASE028.VDF  : 7.11.58.54      2048 Bytes  22.01.2013 17:34:53
VBASE029.VDF  : 7.11.58.55      2048 Bytes  22.01.2013 17:34:53
VBASE030.VDF  : 7.11.58.56      2048 Bytes  22.01.2013 17:34:53
VBASE031.VDF  : 7.11.58.62    22528 Bytes  22.01.2013 17:34:54
Engineversion  : 8.2.10.236
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL  : 8.1.4.82      467323 Bytes  21.01.2013 16:48:11
AESCN.DLL      : 8.1.10.0      131445 Bytes  18.12.2012 19:37:03
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 15:43:41
AEPACK.DLL    : 8.3.1.2      819574 Bytes  21.12.2012 13:24:52
AEOFFICE.DLL  : 8.1.2.50      201084 Bytes  05.11.2012 15:53:18
AEHEUR.DLL    : 8.1.4.180    5665144 Bytes  21.01.2013 16:48:07
AEHELP.DLL    : 8.1.25.2      258423 Bytes  11.10.2012 13:29:14
AEGEN.DLL      : 8.1.6.14      434548 Bytes  10.01.2013 15:41:56
AEEXP.DLL      : 8.3.0.12      188789 Bytes  21.01.2013 16:48:14
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 13:42:55
AECORE.DLL    : 8.1.30.0      201079 Bytes  18.12.2012 19:36:44
AEBB.DLL      : 8.1.1.4        53619 Bytes  05.11.2012 15:52:07
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL    : 13.4.0.360    50464 Bytes  11.12.2012 16:37:10
AVREP.DLL      : 13.4.0.360    177952 Bytes  11.12.2012 16:42:24
AVARKT.DLL    : 13.6.0.402    260384 Bytes  11.12.2012 16:36:25
AVEVTLOG.DLL  : 13.6.0.400    167200 Bytes  11.12.2012 16:36:58
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 17:08:54
NETNT.DLL      : 13.4.0.360    15648 Bytes  11.12.2012 16:40:35
RCIMAGE.DLL    : 13.4.0.360  4780832 Bytes  11.12.2012 16:34:58
RCTEXT.DLL    : 13.4.0.360    68384 Bytes  11.12.2012 16:34:58

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\SCHLER~1\AppData\Local\Temp\a5dc3a36.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 22. Januar 2013  19:47

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\WINDOWS\system32\cmd.exe'


Ende des Suchlaufs: Dienstag, 22. Januar 2013  19:47
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
      1 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      1 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
Ich hoffe das passt so und du kannst damit was anfangen. Danke im voraus.

lg momo

cosinus 23.01.2013 20:49
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

momo2408 23.01.2013 21:21
Okay hab nun die Logs von OTL

OTL:

Code:
OTL logfile created on: 23.01.2013 21:11:54 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Schüler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,73 Gb Total Physical Memory | 3,60 Gb Available Physical Memory | 62,76% Memory free
11,47 Gb Paging File | 8,55 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,66 Gb Total Space | 202,25 Gb Free Space | 70,31% Space Free | Partition Type: NTFS
 
Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schüler\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe (Opera Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\sdl.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe ()
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (TTPDSrv) -- C:\Windows\SysNative\TTPDSRV.exe (TOSHIBA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IB Updater) -- C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com))
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}
IE:64bit: - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}
IE - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{148AC8F6-93F1-4CDF-BCA3-DE726CA98804}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{4D4EA4F7-B725-45AA-AC8B-F841699F782D}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{B304D871-4BB1-4097-89D0-4CEFBDFD3A55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQTFXqx0t&i=26
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012.12.24 11:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.10.09 16:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.10.10 00:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.18 21:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.24 11:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.27 09:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.04 13:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Extensions
[2012.12.24 11:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions
[2012.12.18 21:51:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.12.24 11:37:42 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions\ffxtlbr@incredibar.com
[2012.12.24 11:36:08 | 000,002,203 | ---- | M] () -- C:\Users\Schüler\AppData\Roaming\mozilla\firefox\profiles\vpfujy5y.default\searchplugins\MyStart Search.xml
[2011.09.27 09:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.09.27 09:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Programme\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [TNRotate] C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [downloadsourcede]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = schuladmin.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6306A8E-9754-4809-A772-A2EC85A87062}: DhcpNameServer = 172.16.128.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE04F0DA-C1E4-48F0-813E-CDA004619CB7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 21:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe
[2013.01.22 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\Simply Super Software
[2013.01.22 19:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.22 19:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.01.22 19:45:31 | 000,000,000 | R--D | C] -- C:\Users\Schüler\Desktop\Dropbox
[2013.01.22 19:41:39 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.22 19:41:14 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Dropbox
[2013.01.10 17:02:02 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.10 17:02:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.10 16:49:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.10 16:49:13 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.10 16:49:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.10 16:49:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.10 16:47:35 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.10 16:47:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.10 16:47:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.10 16:47:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.10 16:47:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.10 16:47:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.10 16:47:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.10 16:47:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.10 16:47:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.10 16:47:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 16:47:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 16:47:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.10 16:47:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.10 16:47:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 16:47:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.10 00:01:27 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2013.01.10 00:01:27 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2013.01.10 00:01:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2013.01.10 00:01:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2013.01.10 00:01:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2013.01.10 00:01:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2013.01.10 00:01:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2013.01.10 00:01:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2013.01.10 00:01:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2013.01.10 00:01:26 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2013.01.10 00:01:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2013.01.10 00:01:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2013.01.10 00:00:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.10 00:00:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.09 23:47:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.08 19:57:26 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Local\ApplicationHistory
[2013.01.08 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpellEx
[2013.01.08 19:55:13 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP
[2013.01.08 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
[2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared
[2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\MyTIData
[2013.01.08 18:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.01.08 18:20:49 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\windows\SysNative\drivers\tiehdusb.sys
[2013.01.08 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2013.01.08 18:17:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices
[2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.23 21:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe
[2013.01.23 21:06:56 | 000,162,544 | ---- | M] () -- C:\Users\Schüler\Desktop\OTL_downloader_by_Downloadsourcede.exe
[2013.01.23 19:06:25 | 001,827,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.23 19:06:25 | 000,781,116 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.23 19:06:25 | 000,721,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.23 19:06:25 | 000,179,592 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.23 19:06:25 | 000,146,546 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.23 18:26:57 | 107,257,550 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2013.01.23 18:07:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.22 19:45:31 | 000,001,014 | ---- | M] () -- C:\Users\Schüler\Desktop\Dropbox.lnk
[2013.01.22 19:41:49 | 000,001,024 | ---- | M] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.22 18:37:42 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 18:37:42 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 18:29:17 | 323,293,183 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 20:31:29 | 000,237,598 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2013.01.14 21:22:10 | 001,801,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.01.10 17:03:16 | 000,000,000 | -H-- | M] () -- C:\Users\Schüler\Documents\Default.rdp
[2013.01.10 16:36:50 | 000,425,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.08 19:57:26 | 000,000,095 | ---- | M] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.23 21:06:56 | 000,162,544 | ---- | C] () -- C:\Users\Schüler\Desktop\OTL_downloader_by_Downloadsourcede.exe
[2013.01.22 19:45:31 | 000,001,014 | ---- | C] () -- C:\Users\Schüler\Desktop\Dropbox.lnk
[2013.01.22 19:41:49 | 000,001,024 | ---- | C] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.10 17:03:16 | 000,000,000 | -H-- | C] () -- C:\Users\Schüler\Documents\Default.rdp
[2013.01.08 19:57:26 | 000,000,095 | ---- | C] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat
[2013.01.08 17:58:05 | 001,801,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.10.15 22:06:12 | 000,007,598 | ---- | C] () -- C:\Users\Schüler\AppData\Local\Resmon.ResmonCfg
[2012.10.09 23:53:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\reyalpclv.pad
[2012.10.02 11:36:40 | 000,002,604 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.05 08:47:28 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
Extras:

Code:
OTL Extras logfile created on: 23.01.2013 21:11:54 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Schüler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,73 Gb Total Physical Memory | 3,60 Gb Available Physical Memory | 62,76% Memory free
11,47 Gb Paging File | 8,55 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,66 Gb Total Space | 202,25 Gb Free Space | 70,31% Space Free | Partition Type: NTFS
 
Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B7E3E6-5FE4-46A9-BF49-C6D147DA7A50}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{02C15CF6-8AE4-4FF4-AFC1-AF96482B88FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8C69B085-7AFE-4240-B9C6-361C0F170B01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B49787F-0F0D-46E7-A7D4-943843923B34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{0DEEB486-95AF-4145-ABBB-91EEBF50280B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CE4E265-A69D-4D47-BB56-F8A0BD813C51}" = protocol=17 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe |
"{1EF6E5B6-33F9-4A34-BB75-11FD3442CE33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{301A6BE5-EAE6-4CD7-A9D3-F227EA891CBC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{30EB8756-851E-4C5D-AB9E-8BDC9FA0C126}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{3C5CC506-849C-49C4-BA5E-C53F9DD5CD89}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45CCF574-BCBF-4FEC-87BA-C3915F72193E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{51372ED5-7434-4D8F-AAA3-3DCB5B553511}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{53002F0B-77EC-4614-A806-71BD4F7ECB84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{54E0EC2C-BEA1-4C5C-96E6-A5C1206AC84A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{593EFAE6-ED6C-415E-83F9-ACA0CF102527}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{5AA6851D-BB4A-4C9B-83E7-78F8D1895056}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{5F7BA0FD-C5DA-46BA-9352-2EAA50079611}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6BC47E69-A5B3-46DE-9D5B-601948A6FAB2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6E0DBC68-E828-4624-A020-05BFEEED69EB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{719DEE4A-58AB-4B70-8134-6D749C0E7C68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7680A408-1AEE-4997-9EB0-AB74975AE07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{77CE6EBC-75C0-41BA-B1DB-DFC302D03BCA}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{7E103B9F-5786-410D-A7CB-35CAA63E1541}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{8674AC11-D7DA-4C7C-AF23-FB96AC366202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{874A2D9A-AC22-4F24-A73F-C5826FB64EEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8839C9FD-9DF0-4F9B-B86C-4EDDEDC09EFE}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{89311225-154B-48C2-88BD-039E89A10F2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{89760F72-3687-4A80-AFE4-07377576EFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{96C02AF4-004D-4A11-B6D1-7A5CF9156FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{9719EB81-4109-45DB-82E8-E357AC27B185}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{988C6C8E-F9AB-4A39-824E-386B63A9FF46}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{996C6343-1AFF-4F79-9A95-97DE2ED8706A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{9BEB9FB6-B3C2-4D26-99E9-444407807953}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9D45C11F-5A5C-420E-B3D1-6D21C25E303E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{9E51B848-2C88-4634-91B6-523D8E18A78F}" = protocol=6 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe |
"{A91476B6-D67A-405F-BB8F-8B2018EDB110}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{AC909476-8B13-48B2-9526-7DCFDC3CF536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{B09D6C6A-272A-4160-B38A-E9D66BB529B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B164D6DD-E77E-4DEF-B87A-4943753BA5AD}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B33DE628-5FD6-4270-9AA9-3EA820C90A36}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B52EA13A-E829-421E-997B-53AB8948FE87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B6EB20E3-5AEE-4A02-B375-FBA01691D581}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{BD45F04F-F5C9-4892-9BE5-32E35217E7A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{D7BCA529-B18C-4852-A5EB-3866E5C7D9B6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D94B929E-572B-4542-81A3-4267DB4EB589}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{DD1F830D-9F6E-478F-8C77-69CD890A5A92}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{DFC3333D-9E71-4807-9336-F8D30728E9FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E01B3B1D-804D-4515-8112-1780C577EC73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E47AB702-5A71-46C0-B566-A77BD09CA1C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F6A16156-5F4C-4112-849F-10CDCCB515B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{F6A7F02F-E041-4AED-BC51-CA4AB9F962CE}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{F7631134-9FB2-4019-8011-1E4F652AC50F}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"TCP Query User{E1213568-E1FE-46E2-B0C2-487FFF0B478A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{C9A58F3F-F2D5-4C86-8FA2-D2B0047B0AF1}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.557
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"AVG" = AVG 2012
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"Opera 12.12.1707" = Opera 12.12
"PROSet" = Intel(R) Network Connections Drivers
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"VLC media player" = VLC media player 2.0.2
"WNLT" = IB Updater Service
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.12.03.02
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DAEMON Tools Pro" = DAEMON Tools Pro
"FilesFrog Update Checker" = FilesFrog Update Checker
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"GeoGebra" = GeoGebra
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Steam App 11020" = TrackMania Nations Forever
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 50620" = Darksiders
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.10.2012 07:43:38 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 22.10.2012 12:48:26 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 22.10.2012 13:05:29 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 23.10.2012 05:05:50 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 23.10.2012 18:00:30 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 24.10.2012 11:54:12 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 25.10.2012 02:41:19 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 26.10.2012 09:41:22 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 26.10.2012 11:17:20 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 28.10.2012 10:14:49 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 16.11.2012 11:37:56 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 16.11.2012 11:37:56 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 16.11.2012 11:37:56 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Touch Pad Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 16.11.2012 11:37:57 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SCHULADMIN aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 16.11.2012 11:38:28 | Computer Name = stmo24.schuladmin.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 16.11.2012 15:38:36 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SCHULADMIN aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 18.11.2012 09:29:27 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SCHULADMIN aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 18.11.2012 09:29:26 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 18.11.2012 09:29:26 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 18.11.2012 09:29:27 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Touch Pad Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
 
< End of report >
lg und danke momo

cosinus 23.01.2013 22:38
Code:
64bit- Professional Service Pack 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = schuladmin.local
Also bei diesem Anblick hätte ich mal ein paar Fragen:

1.) Was soll diese Windows-Server-Domäne?
2.) Bist du der Admin der Domäne schuladmin.local?

momo2408 23.01.2013 22:58
Also das ist mein Schullaptop da hab ich vier verschiedene Server drauf um in unser Schulnetzwerk reinzukommen, je nach Stockwerk brauch ich nen anderen. Admin bin ich so viel ich weiß nicht kann ich dir aber nicht genau sagen. Hatte schon mal Probleme deswegen z.B konnte ich keine Verbindung zu meinem andrem Laptop herstellen. Ich hoffe das beantwortet deine Fragen

lg momo

cosinus 23.01.2013 23:01
Vllt solltest du dich mal an den Admin der Schule besser wenden?

momo2408 23.01.2013 23:24
Würd ich schon machen aber sorry für den Ausdruck der Kerl is unfähig und den Laptop hab ich ca seit 1 1/2 Jahren und mein Problem ca erst seit 3-4 Monaten. Ich werd ihn trotzdem mal ansprechen vll kann er ja irgend was dazu sagen.

Danke
Lg momo

cosinus 24.01.2013 10:02
Ist das denn dein Gerät oder wurde es dir von der Schule gestellt?

momo2408 24.01.2013 10:28
Also ich war gerade bei unserm Schuladmin seine Aussage war er sei nur für das Schulnetzwerk zuständig und ich soll den Laptop zu einem Fachmann bringen er wüsste auch nicht woran das liegen könnte. :daumenhoc

Lg momo

Wurde von der Schule gestellt gehört aber am Ende der Schulzeit mir er wird im laufe der Jahre abbezahlt und als ich ihn bekommen war war er neu

cosinus 24.01.2013 10:32
Malwarebytes Anti-Rootkit http://img.trojaner-board.de/malware...otkit/logo.png

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

momo2408 24.01.2013 18:13
Hab das Prog zwei mal drüber laufen lassen beim ersten mal hats was gefunden beim zweiten mal nicht. Des lustige is aufeinmal meldet sich Avira das es irg was gefunden hat. Wenn ich dir die Avira logs auch posten soll sag bescheid hier mal die beiden anderen.

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6157684736, free: 4099170304

------------ Kernel report ------------
    01/24/2013 17:12:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\drivers\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\risdpe64.sys
\SystemRoot\system32\drivers\rimspe64.sys
\SystemRoot\system32\drivers\rixdpe64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\drivers\Impcd.sys
\SystemRoot\system32\drivers\tosrfec.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006525060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006231050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006525060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006525b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006525060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006524060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8006231050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a003e0e640, 0xfffffa8006525060, 0xfffffa8005f53790
Lower DeviceData: 0xfffff8a00cf97590, 0xfffffa8006231050, 0xfffffa80060822c0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C88CF4F6

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3069952
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3072000  Numsec = 603256832

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606328832  Numsec = 18812928
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005d92060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005e15860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005d92060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006021060, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 37B07F16

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2012\log\avgcore.log.1" is compressed (flags = 1)
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService --> [PUP.InstallBrain]
Infected: c:\Windows\System32\dmwu.exe --> [PUP.InstallBrain]
Infected: c:\Windows\System32\dmwu.exe --> [PUP.InstallBrain]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6157684736, free: 4818530304

Removal queue found; removal started
Removing c:\Windows\System32\dmwu.exe...
Removal finished
=======================================
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6157684736, free: 4166053888

------------ Kernel report ------------
    01/24/2013 17:46:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\drivers\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\risdpe64.sys
\SystemRoot\system32\drivers\rimspe64.sys
\SystemRoot\system32\drivers\rixdpe64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\drivers\Impcd.sys
\SystemRoot\system32\drivers\tosrfec.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009e70060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8009e69060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006504060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006268050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006504060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006504b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006504060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006503060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8006268050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0042b3f50, 0xfffffa8006504060, 0xfffffa8005e84790
Lower DeviceData: 0xfffff8a00a761d90, 0xfffffa8006268050, 0xfffffa8005e72090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C88CF4F6

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3069952
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3072000  Numsec = 603256832

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606328832  Numsec = 18812928
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009e70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009e70b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009e70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009e69060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a005118c20, 0xfffffa8009e70060, 0xfffffa8005dfb790
Lower DeviceData: 0xfffff8a005112e00, 0xfffffa8009e69060, 0xfffffa8005e06090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 37B07F16

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2012\log\avgrs.log.1" is compressed (flags = 1)
Done!
Scan finished
=======================================
lg momo

cosinus 24.01.2013 22:08
Anleitung nicht richtig gelesen? Du hast das Log, dass nicht gepostet werden sollte gleich 2x mal gepostet :wtf:

momo2408 24.01.2013 23:08
Oha dickes sorry :stirn:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schüler :: STMO24 [administrator]

24.01.2013 17:26:41
mbar-log-2013-01-24 (17-26-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30542
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1552 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schüler :: STMO24 [administrator]

24.01.2013 17:59:24
mbar-log-2013-01-24 (17-59-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30527
Time elapsed: 12 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
So das sollten die richtigen sein :heilig:
Lg momo

cosinus 25.01.2013 12:07
1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

momo2408 25.01.2013 19:33
So ich hoff ich hab des jetz richtig gemacht.
Bei aswMBR musste ich none einstellen sonst kam das was du schon gesagt hast hier mal der log

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 19:25:27
-----------------------------
19:25:27.686    OS Version: Windows x64 6.1.7601 Service Pack 1
19:25:27.686    Number of processors: 4 586 0x2505
19:25:27.686    ComputerName: STMO24  UserName:
19:25:29.359    Initialize success
19:25:36.612    AVAST engine defs: 13012500
19:25:42.133    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:25:42.138    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:25:42.162    Disk 0 MBR read successfully
19:25:42.167    Disk 0 MBR scan
19:25:42.176    Disk 0 Windows VISTA default MBR code
19:25:42.186    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS        1499 MB offset 2048
19:25:42.208    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      294559 MB offset 3072000
19:25:42.239    Disk 0 Partition 3 00    17 Hidd HPFS/NTFS NTFS        9186 MB offset 606328832
19:25:42.293    Disk 0 scanning C:\windows\system32\drivers
19:25:54.924    Service scanning
19:26:31.179    Modules scanning
19:26:31.195    Disk 0 trace - called modules:
19:26:31.229    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
19:26:31.242    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006504060]
19:26:31.252    3 CLASSPNP.SYS[fffff8800162b43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006503060]
19:26:31.262    5 thpdrv.sys[fffff88001bcacc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006268050]
19:26:31.268    Scan finished successfully
19:28:10.443    Disk 0 MBR has been saved successfully to "C:\Users\Schüler\Desktop\MBR.dat"
19:28:10.451    The log file has been saved successfully to "C:\Users\Schüler\Desktop\aswMBR.txt"
Und hier die andere log

Code:
19:28:45.0647 5964  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:28:46.0963 5964  ============================================================
19:28:46.0963 5964  Current date / time: 2013/01/25 19:28:46.0963
19:28:46.0963 5964  SystemInfo:
19:28:46.0963 5964 
19:28:46.0963 5964  OS Version: 6.1.7601 ServicePack: 1.0
19:28:46.0963 5964  Product type: Workstation
19:28:46.0963 5964  ComputerName: STMO24
19:28:46.0964 5964  UserName: Schüler
19:28:46.0964 5964  Windows directory: C:\windows
19:28:46.0964 5964  System windows directory: C:\windows
19:28:46.0964 5964  Running under WOW64
19:28:46.0964 5964  Processor architecture: Intel x64
19:28:46.0964 5964  Number of processors: 4
19:28:46.0964 5964  Page size: 0x1000
19:28:46.0964 5964  Boot type: Normal boot
19:28:46.0964 5964  ============================================================
19:28:47.0406 5964  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:28:47.0419 5964  ============================================================
19:28:47.0419 5964  \Device\Harddisk0\DR0:
19:28:47.0420 5964  MBR partitions:
19:28:47.0420 5964  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE000, BlocksNum 0x23F4F800
19:28:47.0420 5964  ============================================================
19:28:47.0447 5964  C: <-> \Device\Harddisk0\DR0\Partition1
19:28:47.0447 5964  ============================================================
19:28:47.0447 5964  Initialize success
19:28:47.0447 5964  ============================================================
19:29:19.0020 6984  ============================================================
19:29:19.0020 6984  Scan started
19:29:19.0020 6984  Mode: Manual; SigCheck; TDLFS;
19:29:19.0020 6984  ============================================================
19:29:19.0230 6984  ================ Scan system memory ========================
19:29:19.0230 6984  System memory - ok
19:29:19.0231 6984  ================ Scan services =============================
19:29:19.0404 6984  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:29:19.0556 6984  1394ohci - ok
19:29:19.0612 6984  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:29:19.0649 6984  ACPI - ok
19:29:19.0677 6984  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
19:29:19.0776 6984  AcpiPmi - ok
19:29:19.0849 6984  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:29:19.0871 6984  AdobeARMservice - ok
19:29:19.0923 6984  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\windows\system32\drivers\adp94xx.sys
19:29:19.0957 6984  adp94xx - ok
19:29:20.0009 6984  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\windows\system32\drivers\adpahci.sys
19:29:20.0042 6984  adpahci - ok
19:29:20.0100 6984  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\windows\system32\drivers\adpu320.sys
19:29:20.0124 6984  adpu320 - ok
19:29:20.0147 6984  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
19:29:20.0299 6984  AeLookupSvc - ok
19:29:20.0355 6984  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\windows\system32\drivers\afd.sys
19:29:20.0427 6984  AFD - ok
19:29:20.0493 6984  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
19:29:20.0576 6984  AgereSoftModem - ok
19:29:20.0613 6984  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
19:29:20.0643 6984  agp440 - ok
19:29:20.0686 6984  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\windows\System32\alg.exe
19:29:20.0730 6984  ALG - ok
19:29:20.0766 6984  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
19:29:20.0781 6984  aliide - ok
19:29:20.0786 6984  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
19:29:20.0800 6984  amdide - ok
19:29:20.0831 6984  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\windows\system32\drivers\amdk8.sys
19:29:20.0859 6984  AmdK8 - ok
19:29:20.0873 6984  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
19:29:20.0902 6984  AmdPPM - ok
19:29:20.0941 6984  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\windows\system32\drivers\amdsata.sys
19:29:20.0957 6984  amdsata - ok
19:29:20.0979 6984  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:29:20.0995 6984  amdsbs - ok
19:29:21.0011 6984  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\windows\system32\drivers\amdxata.sys
19:29:21.0024 6984  amdxata - ok
19:29:21.0122 6984  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:29:21.0148 6984  AntiVirSchedulerService - ok
19:29:21.0167 6984  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:29:21.0181 6984  AntiVirService - ok
19:29:21.0226 6984  [ 9FD4E8B6CA36B2593A1E253A41D2DFA3 ] ApfiltrService  C:\windows\system32\drivers\Apfiltr.sys
19:29:21.0263 6984  ApfiltrService - ok
19:29:21.0326 6984  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\windows\system32\inetsrv\apphostsvc.dll
19:29:21.0378 6984  AppHostSvc - ok
19:29:21.0413 6984  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\windows\system32\drivers\appid.sys
19:29:21.0569 6984  AppID - ok
19:29:21.0610 6984  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:29:21.0700 6984  AppIDSvc - ok
19:29:21.0743 6984  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\windows\System32\appinfo.dll
19:29:21.0808 6984  Appinfo - ok
19:29:21.0841 6984  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\windows\System32\appmgmts.dll
19:29:21.0894 6984  AppMgmt - ok
19:29:21.0917 6984  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\windows\system32\drivers\arc.sys
19:29:21.0929 6984  arc - ok
19:29:21.0942 6984  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:29:21.0955 6984  arcsas - ok
19:29:22.0072 6984  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:29:22.0092 6984  aspnet_state - ok
19:29:22.0129 6984  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:29:22.0215 6984  AsyncMac - ok
19:29:22.0243 6984  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\windows\system32\drivers\atapi.sys
19:29:22.0254 6984  atapi - ok
19:29:22.0309 6984  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\windows\system32\DRIVERS\athrx.sys
19:29:22.0401 6984  athr - ok
19:29:22.0509 6984  [ A9DDCA3E344D3018D067AE089A0CCAF0 ] ATService      C:\Program Files\Fingerprint Sensor\ATService.exe
19:29:22.0591 6984  ATService - ok
19:29:22.0649 6984  [ 474EE95924D3FDA71D834A3847136F11 ] ATSwpWDF        C:\windows\system32\Drivers\ATSwpWDF.sys
19:29:22.0679 6984  ATSwpWDF - ok
19:29:22.0726 6984  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:29:22.0802 6984  AudioEndpointBuilder - ok
19:29:22.0812 6984  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
19:29:22.0860 6984  AudioSrv - ok
19:29:23.0064 6984  [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:29:23.0250 6984  AVGIDSAgent - ok
19:29:23.0298 6984  [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdrivera.sys
19:29:23.0309 6984  AVGIDSDriver - ok
19:29:23.0332 6984  [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter    C:\windows\system32\DRIVERS\avgidsfiltera.sys
19:29:23.0341 6984  AVGIDSFilter - ok
19:29:23.0391 6984  [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA        C:\windows\system32\DRIVERS\avgidsha.sys
19:29:23.0413 6984  AVGIDSHA - ok
19:29:23.0465 6984  [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64        C:\windows\system32\DRIVERS\avgldx64.sys
19:29:23.0496 6984  Avgldx64 - ok
19:29:23.0530 6984  [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64        C:\windows\system32\DRIVERS\avgmfx64.sys
19:29:23.0542 6984  Avgmfx64 - ok
19:29:23.0550 6984  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
19:29:23.0566 6984  avgntflt - ok
19:29:23.0588 6984  [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64        C:\windows\system32\DRIVERS\avgrkx64.sys
19:29:23.0598 6984  Avgrkx64 - ok
19:29:23.0620 6984  [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia        C:\windows\system32\DRIVERS\avgtdia.sys
19:29:23.0639 6984  Avgtdia - ok
19:29:23.0662 6984  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd          C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:29:23.0675 6984  avgwd - ok
19:29:23.0719 6984  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
19:29:23.0733 6984  avipbb - ok
19:29:23.0746 6984  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
19:29:23.0758 6984  avkmgr - ok
19:29:23.0798 6984  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:29:23.0906 6984  AxInstSV - ok
19:29:23.0954 6984  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\windows\system32\drivers\bxvbda.sys
19:29:24.0024 6984  b06bdrv - ok
19:29:24.0058 6984  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
19:29:24.0105 6984  b57nd60a - ok
19:29:24.0148 6984  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
19:29:24.0202 6984  BDESVC - ok
19:29:24.0214 6984  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
19:29:24.0257 6984  Beep - ok
19:29:24.0308 6984  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\windows\System32\bfe.dll
19:29:24.0380 6984  BFE - ok
19:29:24.0419 6984  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
19:29:24.0484 6984  BITS - ok
19:29:24.0526 6984  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
19:29:24.0553 6984  blbdrive - ok
19:29:24.0590 6984  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:29:24.0631 6984  bowser - ok
19:29:24.0664 6984  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:29:24.0707 6984  BrFiltLo - ok
19:29:24.0732 6984  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:29:24.0760 6984  BrFiltUp - ok
19:29:24.0828 6984  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\windows\System32\browser.dll
19:29:24.0866 6984  Browser - ok
19:29:24.0880 6984  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\windows\System32\Drivers\Brserid.sys
19:29:24.0910 6984  Brserid - ok
19:29:24.0934 6984  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:29:24.0975 6984  BrSerWdm - ok
19:29:24.0994 6984  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:29:25.0033 6984  BrUsbMdm - ok
19:29:25.0057 6984  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:29:25.0106 6984  BrUsbSer - ok
19:29:25.0144 6984  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:29:25.0187 6984  BTHMODEM - ok
19:29:25.0226 6984  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\windows\system32\bthserv.dll
19:29:25.0270 6984  bthserv - ok
19:29:25.0307 6984  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:29:25.0368 6984  cdfs - ok
19:29:25.0400 6984  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
19:29:25.0414 6984  cdrom - ok
19:29:25.0440 6984  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\windows\System32\certprop.dll
19:29:25.0500 6984  CertPropSvc - ok
19:29:25.0610 6984  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
19:29:25.0638 6984  cfWiMAXService - ok
19:29:25.0670 6984  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
19:29:25.0741 6984  circlass - ok
19:29:25.0778 6984  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
19:29:25.0811 6984  CLFS - ok
19:29:25.0875 6984  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:25.0903 6984  clr_optimization_v2.0.50727_32 - ok
19:29:25.0935 6984  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:29:25.0952 6984  clr_optimization_v2.0.50727_64 - ok
19:29:26.0017 6984  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:26.0050 6984  clr_optimization_v4.0.30319_32 - ok
19:29:26.0063 6984  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:29:26.0080 6984  clr_optimization_v4.0.30319_64 - ok
19:29:26.0100 6984  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\drivers\CmBatt.sys
19:29:26.0142 6984  CmBatt - ok
19:29:26.0169 6984  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:29:26.0182 6984  cmdide - ok
19:29:26.0228 6984  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\windows\system32\Drivers\cng.sys
19:29:26.0276 6984  CNG - ok
19:29:26.0296 6984  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
19:29:26.0308 6984  Compbatt - ok
19:29:26.0361 6984  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
19:29:26.0399 6984  CompositeBus - ok
19:29:26.0412 6984  COMSysApp - ok
19:29:26.0440 6984  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:29:26.0453 6984  ConfigFree Service - ok
19:29:26.0466 6984  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\windows\system32\drivers\crcdisk.sys
19:29:26.0482 6984  crcdisk - ok
19:29:26.0537 6984  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:29:26.0598 6984  CryptSvc - ok
19:29:26.0634 6984  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\windows\system32\drivers\csc.sys
19:29:26.0699 6984  CSC - ok
19:29:26.0748 6984  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
19:29:26.0812 6984  CscService - ok
19:29:26.0862 6984  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:29:26.0950 6984  DcomLaunch - ok
19:29:26.0998 6984  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\windows\System32\defragsvc.dll
19:29:27.0073 6984  defragsvc - ok
19:29:27.0115 6984  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:29:27.0176 6984  DfsC - ok
19:29:27.0211 6984  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
19:29:27.0267 6984  Dhcp - ok
19:29:27.0278 6984  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
19:29:27.0344 6984  discache - ok
19:29:27.0378 6984  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
19:29:27.0390 6984  Disk - ok
19:29:27.0424 6984  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc          C:\windows\system32\drivers\dmvsc.sys
19:29:27.0476 6984  dmvsc - ok
19:29:27.0503 6984  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:29:27.0551 6984  Dnscache - ok
19:29:27.0571 6984  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\windows\System32\dot3svc.dll
19:29:27.0642 6984  dot3svc - ok
19:29:27.0666 6984  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\windows\system32\dps.dll
19:29:27.0727 6984  DPS - ok
19:29:27.0762 6984  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
19:29:27.0814 6984  drmkaud - ok
19:29:27.0852 6984  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\windows\system32\DRIVERS\dtsoftbus01.sys
19:29:27.0869 6984  dtsoftbus01 - ok
19:29:27.0901 6984  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
19:29:27.0938 6984  DXGKrnl - ok
19:29:27.0967 6984  [ BF3AF22106627DFF3EF7BAB133C969EA ] e1kexpress      C:\windows\system32\DRIVERS\e1k62x64.sys
19:29:27.0984 6984  e1kexpress - ok
19:29:28.0006 6984  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\windows\System32\eapsvc.dll
19:29:28.0067 6984  EapHost - ok
19:29:28.0171 6984  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\windows\system32\drivers\evbda.sys
19:29:28.0300 6984  ebdrv - ok
19:29:28.0357 6984  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\windows\System32\lsass.exe
19:29:28.0416 6984  EFS - ok
19:29:28.0476 6984  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
19:29:28.0566 6984  ehRecvr - ok
19:29:28.0591 6984  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\windows\ehome\ehsched.exe
19:29:28.0646 6984  ehSched - ok
19:29:28.0686 6984  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\windows\system32\drivers\elxstor.sys
19:29:28.0726 6984  elxstor - ok
19:29:28.0748 6984  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:29:28.0783 6984  ErrDev - ok
19:29:28.0821 6984  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\windows\system32\es.dll
19:29:28.0876 6984  EventSystem - ok
19:29:28.0898 6984  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\windows\system32\drivers\exfat.sys
19:29:28.0939 6984  exfat - ok
19:29:28.0955 6984  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\windows\system32\drivers\fastfat.sys
19:29:29.0008 6984  fastfat - ok
19:29:29.0042 6984  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\windows\system32\fxssvc.exe
19:29:29.0109 6984  Fax - ok
19:29:29.0135 6984  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\windows\system32\drivers\fdc.sys
19:29:29.0179 6984  fdc - ok
19:29:29.0211 6984  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\windows\system32\fdPHost.dll
19:29:29.0261 6984  fdPHost - ok
19:29:29.0271 6984  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
19:29:29.0319 6984  FDResPub - ok
19:29:29.0359 6984  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:29:29.0372 6984  FileInfo - ok
19:29:29.0384 6984  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
19:29:29.0439 6984  Filetrace - ok
19:29:29.0471 6984  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:29:29.0483 6984  flpydisk - ok
19:29:29.0500 6984  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:29:29.0517 6984  FltMgr - ok
19:29:29.0549 6984  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\windows\system32\FntCache.dll
19:29:29.0625 6984  FontCache - ok
19:29:29.0662 6984  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:29:29.0679 6984  FontCache3.0.0.0 - ok
19:29:29.0697 6984  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
19:29:29.0716 6984  FsDepends - ok
19:29:29.0749 6984  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:29:29.0769 6984  Fs_Rec - ok
19:29:29.0813 6984  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:29:29.0841 6984  fvevol - ok
19:29:29.0875 6984  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:29:29.0889 6984  gagp30kx - ok
19:29:29.0931 6984  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\windows\System32\gpsvc.dll
19:29:29.0984 6984  gpsvc - ok
19:29:30.0000 6984  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:29:30.0061 6984  hcw85cir - ok
19:29:30.0103 6984  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:29:30.0146 6984  HdAudAddService - ok
19:29:30.0170 6984  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
19:29:30.0207 6984  HDAudBus - ok
19:29:30.0235 6984  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\windows\system32\drivers\HECIx64.sys
19:29:30.0245 6984  HECIx64 - ok
19:29:30.0269 6984  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\windows\system32\drivers\HidBatt.sys
19:29:30.0294 6984  HidBatt - ok
19:29:30.0328 6984  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:29:30.0382 6984  HidBth - ok
19:29:30.0420 6984  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\windows\system32\drivers\hidir.sys
19:29:30.0455 6984  HidIr - ok
19:29:30.0486 6984  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\windows\system32\hidserv.dll
19:29:30.0530 6984  hidserv - ok
19:29:30.0569 6984  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:29:30.0598 6984  HidUsb - ok
19:29:30.0624 6984  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:29:30.0695 6984  hkmsvc - ok
19:29:30.0717 6984  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:29:30.0756 6984  HomeGroupListener - ok
19:29:30.0779 6984  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:29:30.0817 6984  HomeGroupProvider - ok
19:29:30.0848 6984  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:29:30.0863 6984  HpSAMD - ok
19:29:30.0919 6984  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:29:31.0008 6984  HTTP - ok
19:29:31.0048 6984  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:29:31.0061 6984  hwpolicy - ok
19:29:31.0091 6984  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
19:29:31.0107 6984  i8042prt - ok
19:29:31.0142 6984  [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor          C:\windows\system32\drivers\iaStor.sys
19:29:31.0163 6984  iaStor - ok
19:29:31.0203 6984  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
19:29:31.0223 6984  iaStorV - ok
19:29:31.0310 6984  [ 93480110BE459273E4333DD23835DDAC ] IB Updater      C:\Program Files\IB Updater\ExtensionUpdaterService.exe
19:29:31.0332 6984  IB Updater - ok
19:29:31.0402 6984  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:31.0453 6984  idsvc - ok
19:29:31.0690 6984  [ C02B4A9988A5BE86348C74D6F8CC7E81 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
19:29:32.0035 6984  igfx - ok
19:29:32.0074 6984  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\windows\system32\drivers\iirsp.sys
19:29:32.0091 6984  iirsp - ok
19:29:32.0142 6984  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
19:29:32.0243 6984  IKEEXT - ok
19:29:32.0276 6984  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\windows\system32\drivers\Impcd.sys
19:29:32.0325 6984  Impcd - ok
19:29:32.0427 6984  [ AAB8CD9CF65DAADFDFCECE067650AF13 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:29:32.0485 6984  IntcAzAudAddService - ok
19:29:32.0517 6984  [ 4429B91B0FE91F9BE8E24E93CC960368 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
19:29:32.0578 6984  IntcDAud - ok
19:29:32.0593 6984  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
19:29:32.0616 6984  intelide - ok
19:29:32.0648 6984  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\drivers\intelppm.sys
19:29:32.0677 6984  intelppm - ok
19:29:32.0719 6984  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\windows\system32\ipbusenum.dll
19:29:32.0785 6984  IPBusEnum - ok
19:29:32.0828 6984  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:29:32.0899 6984  IpFilterDriver - ok
19:29:32.0954 6984  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:29:33.0036 6984  iphlpsvc - ok
19:29:33.0047 6984  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
19:29:33.0084 6984  IPMIDRV - ok
19:29:33.0117 6984  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\windows\system32\drivers\ipnat.sys
19:29:33.0184 6984  IPNAT - ok
19:29:33.0213 6984  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:29:33.0250 6984  IRENUM - ok
19:29:33.0275 6984  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:29:33.0287 6984  isapnp - ok
19:29:33.0316 6984  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:29:33.0333 6984  iScsiPrt - ok
19:29:33.0364 6984  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
19:29:33.0388 6984  kbdclass - ok
19:29:33.0400 6984  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
19:29:33.0414 6984  kbdhid - ok
19:29:33.0423 6984  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
19:29:33.0437 6984  KeyIso - ok
19:29:33.0473 6984  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:29:33.0486 6984  KSecDD - ok
19:29:33.0496 6984  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
19:29:33.0512 6984  KSecPkg - ok
19:29:33.0561 6984  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\windows\system32\drivers\ksthunk.sys
19:29:33.0611 6984  ksthunk - ok
19:29:33.0643 6984  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\windows\system32\msdtckrm.dll
19:29:33.0703 6984  KtmRm - ok
19:29:33.0736 6984  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
19:29:33.0794 6984  LanmanServer - ok
19:29:33.0835 6984  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:29:33.0895 6984  LanmanWorkstation - ok
19:29:33.0929 6984  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:29:33.0982 6984  lltdio - ok
19:29:34.0011 6984  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\windows\System32\lltdsvc.dll
19:29:34.0072 6984  lltdsvc - ok
19:29:34.0099 6984  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\windows\System32\lmhsvc.dll
19:29:34.0159 6984  lmhosts - ok
19:29:34.0224 6984  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:29:34.0258 6984  LMS ( UnsignedFile.Multi.Generic ) - warning
19:29:34.0258 6984  LMS - detected UnsignedFile.Multi.Generic (1)
19:29:34.0285 6984  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:29:34.0309 6984  LSI_FC - ok
19:29:34.0336 6984  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\windows\system32\drivers\lsi_sas.sys
19:29:34.0352 6984  LSI_SAS - ok
19:29:34.0376 6984  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:29:34.0391 6984  LSI_SAS2 - ok
19:29:34.0410 6984  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:29:34.0426 6984  LSI_SCSI - ok
19:29:34.0457 6984  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\windows\system32\drivers\luafv.sys
19:29:34.0513 6984  luafv - ok
19:29:34.0536 6984  McAfee SiteAdvisor Service - ok
19:29:34.0564 6984  McMPFSvc - ok
19:29:34.0586 6984  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\windows\system32\Mcx2Svc.dll
19:29:34.0623 6984  Mcx2Svc - ok
19:29:34.0637 6984  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\windows\system32\drivers\megasas.sys
19:29:34.0650 6984  megasas - ok
19:29:34.0663 6984  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:29:34.0681 6984  MegaSR - ok
19:29:34.0736 6984  Microsoft SharePoint Workspace Audit Service - ok
19:29:34.0764 6984  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\windows\system32\mmcss.dll
19:29:34.0829 6984  MMCSS - ok
19:29:34.0852 6984  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\windows\system32\drivers\modem.sys
19:29:34.0908 6984  Modem - ok
19:29:34.0933 6984  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\windows\system32\DRIVERS\monitor.sys
19:29:34.0963 6984  monitor - ok
19:29:34.0992 6984  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:29:35.0007 6984  mouclass - ok
19:29:35.0030 6984  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:29:35.0043 6984  mouhid - ok
19:29:35.0057 6984  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:29:35.0070 6984  mountmgr - ok
19:29:35.0097 6984  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
19:29:35.0112 6984  mpio - ok
19:29:35.0133 6984  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:29:35.0174 6984  mpsdrv - ok
19:29:35.0213 6984  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:29:35.0274 6984  MpsSvc - ok
19:29:35.0288 6984  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:29:35.0320 6984  MRxDAV - ok
19:29:35.0359 6984  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:29:35.0426 6984  mrxsmb - ok
19:29:35.0451 6984  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:29:35.0473 6984  mrxsmb10 - ok
19:29:35.0478 6984  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:29:35.0494 6984  mrxsmb20 - ok
19:29:35.0518 6984  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
19:29:35.0529 6984  msahci - ok
19:29:35.0543 6984  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\windows\system32\drivers\msdsm.sys
19:29:35.0557 6984  msdsm - ok
19:29:35.0586 6984  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\windows\System32\msdtc.exe
19:29:35.0613 6984  MSDTC - ok
19:29:35.0653 6984  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:29:35.0742 6984  Msfs - ok
19:29:35.0761 6984  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
19:29:35.0814 6984  mshidkmdf - ok
19:29:35.0844 6984  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:29:35.0856 6984  msisadrv - ok
19:29:35.0889 6984  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
19:29:35.0947 6984  MSiSCSI - ok
19:29:35.0951 6984  msiserver - ok
19:29:35.0988 6984  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
19:29:36.0057 6984  MSKSSRV - ok
19:29:36.0074 6984  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:29:36.0130 6984  MSPCLOCK - ok
19:29:36.0134 6984  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
19:29:36.0180 6984  MSPQM - ok
19:29:36.0208 6984  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
19:29:36.0227 6984  MsRPC - ok
19:29:36.0243 6984  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
19:29:36.0261 6984  mssmbios - ok
19:29:36.0293 6984  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
19:29:36.0351 6984  MSTEE - ok
19:29:36.0384 6984  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:29:36.0399 6984  MTConfig - ok
19:29:36.0430 6984  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\windows\system32\Drivers\mup.sys
19:29:36.0443 6984  Mup - ok
19:29:36.0496 6984  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
19:29:36.0577 6984  napagent - ok
19:29:36.0632 6984  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
19:29:36.0693 6984  NativeWifiP - ok
19:29:36.0765 6984  [ 2989174DF02E0AEF54BAE90674FB445F ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
19:29:36.0805 6984  NAUpdate - ok
19:29:36.0851 6984  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
19:29:36.0882 6984  NDIS - ok
19:29:36.0923 6984  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
19:29:36.0980 6984  NdisCap - ok
19:29:37.0014 6984  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:29:37.0052 6984  NdisTapi - ok
19:29:37.0061 6984  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
19:29:37.0109 6984  Ndisuio - ok
19:29:37.0132 6984  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
19:29:37.0180 6984  NdisWan - ok
19:29:37.0210 6984  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
19:29:37.0291 6984  NDProxy - ok
19:29:37.0316 6984  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
19:29:37.0374 6984  NetBIOS - ok
19:29:37.0392 6984  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
19:29:37.0430 6984  NetBT - ok
19:29:37.0445 6984  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
19:29:37.0458 6984  Netlogon - ok
19:29:37.0484 6984  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
19:29:37.0539 6984  Netman - ok
19:29:37.0614 6984  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:37.0632 6984  NetMsmqActivator - ok
19:29:37.0649 6984  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:37.0665 6984  NetPipeActivator - ok
19:29:37.0689 6984  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
19:29:37.0757 6984  netprofm - ok
19:29:37.0777 6984  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:37.0793 6984  NetTcpActivator - ok
19:29:37.0798 6984  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:37.0813 6984  NetTcpPortSharing - ok
19:29:37.0833 6984  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\windows\system32\drivers\nfrd960.sys
19:29:37.0845 6984  nfrd960 - ok
19:29:37.0883 6984  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:29:37.0916 6984  NlaSvc - ok
19:29:37.0947 6984  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:29:37.0989 6984  Npfs - ok
19:29:38.0018 6984  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\windows\system32\nsisvc.dll
19:29:38.0061 6984  nsi - ok
19:29:38.0070 6984  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:29:38.0129 6984  nsiproxy - ok
19:29:38.0210 6984  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:29:38.0272 6984  Ntfs - ok
19:29:38.0298 6984  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
19:29:38.0348 6984  Null - ok
19:29:38.0382 6984  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:29:38.0397 6984  nvraid - ok
19:29:38.0416 6984  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:29:38.0430 6984  nvstor - ok
19:29:38.0457 6984  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:29:38.0472 6984  nv_agp - ok
19:29:38.0490 6984  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:29:38.0522 6984  ohci1394 - ok
19:29:38.0611 6984  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:29:38.0641 6984  ose - ok
19:29:38.0792 6984  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:29:38.0962 6984  osppsvc - ok
19:29:38.0987 6984  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:29:39.0030 6984  p2pimsvc - ok
19:29:39.0048 6984  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
19:29:39.0072 6984  p2psvc - ok
19:29:39.0095 6984  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\windows\system32\drivers\parport.sys
19:29:39.0128 6984  Parport - ok
19:29:39.0161 6984  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\windows\system32\drivers\partmgr.sys
19:29:39.0175 6984  partmgr - ok
19:29:39.0202 6984  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:29:39.0239 6984  PcaSvc - ok
19:29:39.0262 6984  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\windows\system32\drivers\pci.sys
19:29:39.0278 6984  pci - ok
19:29:39.0295 6984  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
19:29:39.0309 6984  pciide - ok
19:29:39.0337 6984  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:29:39.0352 6984  pcmcia - ok
19:29:39.0379 6984  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\windows\system32\drivers\pcw.sys
19:29:39.0391 6984  pcw - ok
19:29:39.0411 6984  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:29:39.0475 6984  PEAUTH - ok
19:29:39.0525 6984  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\windows\system32\peerdistsvc.dll
19:29:39.0597 6984  PeerDistSvc - ok
19:29:39.0677 6984  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:29:39.0726 6984  PerfHost - ok
19:29:39.0771 6984  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
19:29:39.0788 6984  PGEffect - ok
19:29:39.0852 6984  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\windows\system32\pla.dll
19:29:39.0944 6984  pla - ok
19:29:39.0988 6984  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:29:40.0048 6984  PlugPlay - ok
19:29:40.0061 6984  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
19:29:40.0087 6984  PNRPAutoReg - ok
19:29:40.0109 6984  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
19:29:40.0130 6984  PNRPsvc - ok
19:29:40.0154 6984  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
19:29:40.0215 6984  PolicyAgent - ok
19:29:40.0252 6984  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\windows\system32\umpo.dll
19:29:40.0321 6984  Power - ok
19:29:40.0362 6984  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:29:40.0414 6984  PptpMiniport - ok
19:29:40.0449 6984  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\windows\system32\drivers\processr.sys
19:29:40.0499 6984  Processor - ok
19:29:40.0552 6984  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\windows\system32\profsvc.dll
19:29:40.0620 6984  ProfSvc - ok
19:29:40.0634 6984  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:29:40.0650 6984  ProtectedStorage - ok
19:29:40.0697 6984  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:29:40.0781 6984  Psched - ok
19:29:40.0859 6984  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:29:40.0917 6984  ql2300 - ok
19:29:40.0933 6984  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:29:40.0946 6984  ql40xx - ok
19:29:40.0972 6984  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\windows\system32\qwave.dll
19:29:40.0994 6984  QWAVE - ok
19:29:41.0009 6984  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:29:41.0043 6984  QWAVEdrv - ok
19:29:41.0061 6984  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:29:41.0112 6984  RasAcd - ok
19:29:41.0152 6984  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
19:29:41.0191 6984  RasAgileVpn - ok
19:29:41.0211 6984  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\windows\System32\rasauto.dll
19:29:41.0268 6984  RasAuto - ok
19:29:41.0291 6984  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
19:29:41.0355 6984  Rasl2tp - ok
19:29:41.0379 6984  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
19:29:41.0422 6984  RasMan - ok
19:29:41.0452 6984  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:29:41.0507 6984  RasPppoe - ok
19:29:41.0525 6984  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
19:29:41.0585 6984  RasSstp - ok
19:29:41.0621 6984  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
19:29:41.0678 6984  rdbss - ok
19:29:41.0704 6984  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:29:41.0738 6984  rdpbus - ok
19:29:41.0767 6984  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:29:41.0808 6984  RDPCDD - ok
19:29:41.0824 6984  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\windows\system32\drivers\rdpdr.sys
19:29:41.0846 6984  RDPDR - ok
19:29:41.0862 6984  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:29:41.0916 6984  RDPENCDD - ok
19:29:41.0934 6984  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:29:41.0971 6984  RDPREFMP - ok
19:29:42.0011 6984  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
19:29:42.0057 6984  RDPWD - ok
19:29:42.0094 6984  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:29:42.0114 6984  rdyboost - ok
19:29:42.0133 6984  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:29:42.0174 6984  RemoteAccess - ok
19:29:42.0207 6984  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:29:42.0267 6984  RemoteRegistry - ok
19:29:42.0301 6984  [ F50F87C83C2847040BB6C38210612CB2 ] rimspci        C:\windows\system32\drivers\rimspe64.sys
19:29:42.0348 6984  rimspci - ok
19:29:42.0383 6984  [ 9F6E1E02FEA93180585DB20315F16889 ] risdpcie        C:\windows\system32\drivers\risdpe64.sys
19:29:42.0417 6984  risdpcie - ok
19:29:42.0448 6984  [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie        C:\windows\system32\drivers\rixdpe64.sys
19:29:42.0505 6984  rixdpcie - ok
19:29:42.0530 6984  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:29:42.0596 6984  RpcEptMapper - ok
19:29:42.0618 6984  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
19:29:42.0651 6984  RpcLocator - ok
19:29:42.0680 6984  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\windows\system32\rpcss.dll
19:29:42.0728 6984  RpcSs - ok
19:29:42.0761 6984  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:29:42.0801 6984  rspndr - ok
19:29:42.0822 6984  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\windows\system32\drivers\vms3cap.sys
19:29:42.0854 6984  s3cap - ok
19:29:42.0877 6984  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\windows\system32\lsass.exe
19:29:42.0891 6984  SamSs - ok
19:29:42.0917 6984  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:29:42.0931 6984  sbp2port - ok
19:29:42.0961 6984  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:29:43.0019 6984  SCardSvr - ok
19:29:43.0050 6984  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:29:43.0119 6984  scfilter - ok
19:29:43.0152 6984  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
19:29:43.0225 6984  Schedule - ok
19:29:43.0249 6984  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\windows\System32\certprop.dll
19:29:43.0287 6984  SCPolicySvc - ok
19:29:43.0329 6984  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus          C:\windows\system32\DRIVERS\sdbus.sys
19:29:43.0374 6984  sdbus - ok
19:29:43.0401 6984  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:29:43.0426 6984  SDRSVC - ok
19:29:43.0452 6984  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:29:43.0491 6984  secdrv - ok
19:29:43.0506 6984  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
19:29:43.0545 6984  seclogon - ok
19:29:43.0553 6984  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
19:29:43.0613 6984  SENS - ok
19:29:43.0647 6984  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:29:43.0702 6984  SensrSvc - ok
19:29:43.0716 6984  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\windows\system32\drivers\serenum.sys
19:29:43.0753 6984  Serenum - ok
19:29:43.0769 6984  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
19:29:43.0794 6984  Serial - ok
19:29:43.0823 6984  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:29:43.0853 6984  sermouse - ok
19:29:43.0894 6984  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
19:29:43.0966 6984  SessionEnv - ok
19:29:43.0984 6984  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
19:29:43.0999 6984  sffdisk - ok
19:29:44.0024 6984  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:29:44.0052 6984  sffp_mmc - ok
19:29:44.0077 6984  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
19:29:44.0112 6984  sffp_sd - ok
19:29:44.0142 6984  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\windows\system32\drivers\sfloppy.sys
19:29:44.0170 6984  sfloppy - ok
19:29:44.0205 6984  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:29:44.0265 6984  SharedAccess - ok
19:29:44.0291 6984  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:29:44.0358 6984  ShellHWDetection - ok
19:29:44.0378 6984  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:29:44.0391 6984  SiSRaid2 - ok
19:29:44.0424 6984  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:29:44.0436 6984  SiSRaid4 - ok
19:29:44.0468 6984  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\windows\system32\DRIVERS\smb.sys
19:29:44.0526 6984  Smb - ok
19:29:44.0564 6984  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:29:44.0597 6984  SNMPTRAP - ok
19:29:44.0614 6984  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\windows\system32\drivers\spldr.sys
19:29:44.0627 6984  spldr - ok
19:29:44.0657 6984  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\windows\System32\spoolsv.exe
19:29:44.0698 6984  Spooler - ok
19:29:44.0801 6984  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
19:29:44.0964 6984  sppsvc - ok
19:29:44.0982 6984  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\windows\system32\sppuinotify.dll
19:29:45.0021 6984  sppuinotify - ok
19:29:45.0054 6984  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\windows\system32\DRIVERS\srv.sys
19:29:45.0116 6984  srv - ok
19:29:45.0136 6984  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:29:45.0173 6984  srv2 - ok
19:29:45.0193 6984  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:29:45.0211 6984  srvnet - ok
19:29:45.0241 6984  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
19:29:45.0291 6984  SSDPSRV - ok
19:29:45.0301 6984  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\windows\system32\sstpsvc.dll
19:29:45.0342 6984  SstpSvc - ok
19:29:45.0372 6984  Steam Client Service - ok
19:29:45.0391 6984  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:29:45.0403 6984  stexstor - ok
19:29:45.0437 6984  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
19:29:45.0486 6984  stisvc - ok
19:29:45.0508 6984  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\windows\system32\drivers\vmstorfl.sys
19:29:45.0522 6984  storflt - ok
19:29:45.0545 6984  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\windows\system32\storsvc.dll
19:29:45.0583 6984  StorSvc - ok
19:29:45.0610 6984  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\windows\system32\drivers\storvsc.sys
19:29:45.0625 6984  storvsc - ok
19:29:45.0652 6984  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
19:29:45.0666 6984  swenum - ok
19:29:45.0705 6984  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\windows\System32\swprv.dll
19:29:45.0759 6984  swprv - ok
19:29:45.0810 6984  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\windows\system32\sysmain.dll
19:29:45.0870 6984  SysMain - ok
19:29:45.0900 6984  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:29:45.0940 6984  TabletInputService - ok
19:29:45.0960 6984  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\windows\System32\tapisrv.dll
19:29:46.0019 6984  TapiSrv - ok
19:29:46.0038 6984  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\windows\System32\tbssvc.dll
19:29:46.0077 6984  TBS - ok
19:29:46.0160 6984  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\windows\system32\drivers\tcpip.sys
19:29:46.0223 6984  Tcpip - ok
19:29:46.0259 6984  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:29:46.0302 6984  TCPIP6 - ok
19:29:46.0340 6984  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:29:46.0355 6984  tcpipreg - ok
19:29:46.0381 6984  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
19:29:46.0401 6984  tdcmdpst - ok
19:29:46.0429 6984  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:29:46.0470 6984  TDPIPE - ok
19:29:46.0490 6984  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
19:29:46.0516 6984  TDTCP - ok
19:29:46.0545 6984  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
19:29:46.0589 6984  tdx - ok
19:29:46.0638 6984  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
19:29:46.0651 6984  TemproMonitoringService - ok
19:29:46.0678 6984  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
19:29:46.0695 6984  TermDD - ok
19:29:46.0739 6984  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\windows\System32\termsrv.dll
19:29:46.0813 6984  TermService - ok
19:29:46.0827 6984  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
19:29:46.0846 6984  Themes - ok
19:29:46.0898 6984  [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv          C:\windows\system32\DRIVERS\thpdrv.sys
19:29:46.0921 6984  Thpdrv - ok
19:29:46.0966 6984  [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm          C:\windows\system32\drivers\Thpevm.SYS
19:29:46.0986 6984  Thpevm - ok
19:29:47.0015 6984  [ 9B032A63A0553A2D872815C64A0288BE ] Thpsrv          C:\windows\system32\ThpSrv.exe
19:29:47.0049 6984  Thpsrv ( UnsignedFile.Multi.Generic ) - warning
19:29:47.0049 6984  Thpsrv - detected UnsignedFile.Multi.Generic (1)
19:29:47.0075 6984  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\windows\system32\mmcss.dll
19:29:47.0116 6984  THREADORDER - ok
19:29:47.0164 6984  [ 199C2E87D9A5EC58D0BCD94E893BF629 ] TIEHDUSB        C:\windows\system32\DRIVERS\tiehdusb.sys
19:29:47.0214 6984  TIEHDUSB - ok
19:29:47.0270 6984  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo      C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:29:47.0291 6984  TMachInfo - ok
19:29:47.0319 6984  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv        C:\windows\system32\TODDSrv.exe
19:29:47.0343 6984  TODDSrv - ok
19:29:47.0418 6984  [ BF289F175C1307B4B72D1A17806EF83C ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:29:47.0442 6984  TosCoSrv - ok
19:29:47.0511 6984  [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:29:47.0527 6984  TOSHIBA Bluetooth Service - ok
19:29:47.0602 6984  [ 0437D8936DF27FF6BA3BFDC4EB6A802D ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:29:47.0629 6984  TOSHIBA eco Utility Service - ok
19:29:47.0658 6984  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:29:47.0671 6984  TOSHIBA HDD SSD Alert Service - ok
19:29:47.0701 6984  [ 755E5CA34D6186FC0E1430CD47E6E97C ] toshidpt        C:\windows\system32\drivers\Toshidpt.sys
19:29:47.0711 6984  toshidpt - ok
19:29:47.0739 6984  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\windows\system32\drivers\tosporte.sys
19:29:47.0750 6984  tosporte - ok
19:29:47.0762 6984  Tosrfcom - ok
19:29:47.0796 6984  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec        C:\windows\system32\drivers\tosrfec.sys
19:29:47.0806 6984  tosrfec - ok
19:29:47.0844 6984  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64      C:\windows\system32\DRIVERS\tos_sps64.sys
19:29:47.0867 6984  tos_sps64 - ok
19:29:47.0899 6984  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM            C:\windows\system32\drivers\tpm.sys
19:29:47.0913 6984  TPM - ok
19:29:47.0941 6984  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
19:29:47.0994 6984  TrkWks - ok
19:29:48.0048 6984  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:29:48.0116 6984  TrustedInstaller - ok
19:29:48.0128 6984  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:29:48.0182 6984  tssecsrv - ok
19:29:48.0208 6984  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:29:48.0233 6984  TsUsbFlt - ok
19:29:48.0262 6984  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\windows\system32\drivers\TsUsbGD.sys
19:29:48.0288 6984  TsUsbGD - ok
19:29:48.0320 6984  [ B95378E4245105980B7B91432872589E ] TTPDSrv        C:\windows\System32\TTPDSRV.exe
19:29:48.0345 6984  TTPDSrv ( UnsignedFile.Multi.Generic ) - warning
19:29:48.0345 6984  TTPDSrv - detected UnsignedFile.Multi.Generic (1)
19:29:48.0396 6984  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:29:48.0467 6984  tunnel - ok
19:29:48.0513 6984  [ EFFCE6E033EBDD0F3C0F14A413558F65 ] TVALZ          C:\windows\system32\drivers\TVALZ.SYS
19:29:48.0532 6984  TVALZ - ok
19:29:48.0554 6984  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:29:48.0568 6984  uagp35 - ok
19:29:48.0597 6984  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:29:48.0653 6984  udfs - ok
19:29:48.0680 6984  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\windows\system32\UI0Detect.exe
19:29:48.0707 6984  UI0Detect - ok
19:29:48.0738 6984  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:29:48.0752 6984  uliagpkx - ok
19:29:48.0793 6984  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\windows\system32\DRIVERS\umbus.sys
19:29:48.0820 6984  umbus - ok
19:29:48.0861 6984  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
19:29:48.0888 6984  UmPass - ok
19:29:48.0908 6984  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
19:29:48.0935 6984  UmRdpService - ok
19:29:49.0071 6984  [ 41118D920B2B268C0ADC36421248CDCF ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:29:49.0130 6984  UNS ( UnsignedFile.Multi.Generic ) - warning
19:29:49.0130 6984  UNS - detected UnsignedFile.Multi.Generic (1)
19:29:49.0164 6984  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
19:29:49.0226 6984  upnphost - ok
19:29:49.0249 6984  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
19:29:49.0294 6984  usbccgp - ok
19:29:49.0337 6984  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:29:49.0357 6984  usbcir - ok
19:29:49.0375 6984  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\windows\system32\drivers\usbehci.sys
19:29:49.0401 6984  usbehci - ok
19:29:49.0439 6984  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\drivers\usbhub.sys
19:29:49.0471 6984  usbhub - ok
19:29:49.0487 6984  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\windows\system32\drivers\usbohci.sys
19:29:49.0514 6984  usbohci - ok
19:29:49.0541 6984  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:29:49.0573 6984  usbprint - ok
19:29:49.0607 6984  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\windows\system32\DRIVERS\usbscan.sys
19:29:49.0627 6984  usbscan - ok
19:29:49.0650 6984  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
19:29:49.0685 6984  USBSTOR - ok
19:29:49.0697 6984  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
19:29:49.0724 6984  usbuhci - ok
19:29:49.0762 6984  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:29:49.0791 6984  usbvideo - ok
19:29:49.0810 6984  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\windows\System32\uxsms.dll
19:29:49.0868 6984  UxSms - ok
19:29:49.0889 6984  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
19:29:49.0901 6984  VaultSvc - ok
19:29:49.0932 6984  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:29:49.0945 6984  vdrvroot - ok
19:29:49.0964 6984  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\windows\System32\vds.exe
19:29:50.0028 6984  vds - ok
19:29:50.0058 6984  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
19:29:50.0074 6984  vga - ok
19:29:50.0084 6984  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\windows\System32\drivers\vga.sys
19:29:50.0132 6984  VgaSave - ok
19:29:50.0164 6984  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
19:29:50.0180 6984  vhdmp - ok
19:29:50.0201 6984  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
19:29:50.0214 6984  viaide - ok
19:29:50.0277 6984  [ F307DA7E96BC760B4628E204E234DCD0 ] Virtual Router  C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
19:29:50.0294 6984  Virtual Router ( UnsignedFile.Multi.Generic ) - warning
19:29:50.0294 6984  Virtual Router - detected UnsignedFile.Multi.Generic (1)
19:29:50.0329 6984  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\windows\system32\drivers\vmbus.sys
19:29:50.0358 6984  vmbus - ok
19:29:50.0376 6984  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
19:29:50.0413 6984  VMBusHID - ok
19:29:50.0444 6984  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:29:50.0468 6984  volmgr - ok
19:29:50.0500 6984  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
19:29:50.0518 6984  volmgrx - ok
19:29:50.0550 6984  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap        C:\windows\system32\drivers\volsnap.sys
19:29:50.0586 6984  volsnap - ok
19:29:50.0609 6984  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\windows\system32\drivers\vsmraid.sys
19:29:50.0627 6984  vsmraid - ok
19:29:50.0686 6984  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\windows\system32\vssvc.exe
19:29:50.0758 6984  VSS - ok
19:29:50.0794 6984  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:29:50.0849 6984  vwifibus - ok
19:29:50.0885 6984  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:29:50.0917 6984  vwififlt - ok
19:29:50.0965 6984  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\windows\system32\DRIVERS\vwifimp.sys
19:29:51.0002 6984  vwifimp - ok
19:29:51.0033 6984  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\windows\system32\w32time.dll
19:29:51.0079 6984  W32Time - ok
19:29:51.0147 6984  [ B32009DB1972E7F2C227499289C4384A ] W3SVC          C:\windows\system32\inetsrv\iisw3adm.dll
19:29:51.0169 6984  W3SVC - ok
19:29:51.0184 6984  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:29:51.0208 6984  WacomPen - ok
19:29:51.0246 6984  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:29:51.0301 6984  WANARP - ok
19:29:51.0305 6984  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:29:51.0346 6984  Wanarpv6 - ok
19:29:51.0380 6984  [ B32009DB1972E7F2C227499289C4384A ] WAS            C:\windows\system32\inetsrv\iisw3adm.dll
19:29:51.0397 6984  WAS - ok
19:29:51.0440 6984  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
19:29:51.0522 6984  wbengine - ok
19:29:51.0544 6984  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:29:51.0581 6984  WbioSrvc - ok
19:29:51.0614 6984  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\windows\System32\wcncsvc.dll
19:29:51.0657 6984  wcncsvc - ok
19:29:51.0680 6984  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:29:51.0717 6984  WcsPlugInService - ok
19:29:51.0744 6984  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
19:29:51.0757 6984  Wd - ok
19:29:51.0809 6984  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:29:51.0842 6984  Wdf01000 - ok
19:29:51.0860 6984  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:29:51.0964 6984  WdiServiceHost - ok
19:29:51.0967 6984  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\windows\system32\wdi.dll
19:29:51.0991 6984  WdiSystemHost - ok
19:29:52.0020 6984  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\windows\System32\webclnt.dll
19:29:52.0061 6984  WebClient - ok
19:29:52.0087 6984  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:29:52.0147 6984  Wecsvc - ok
19:29:52.0171 6984  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\windows\System32\wercplsupport.dll
19:29:52.0227 6984  wercplsupport - ok
19:29:52.0263 6984  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
19:29:52.0304 6984  WerSvc - ok
19:29:52.0334 6984  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:29:52.0370 6984  WfpLwf - ok
19:29:52.0376 6984  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:29:52.0388 6984  WIMMount - ok
19:29:52.0418 6984  WinDefend - ok
19:29:52.0425 6984  WinHttpAutoProxySvc - ok
19:29:52.0479 6984  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
19:29:52.0556 6984  Winmgmt - ok
19:29:52.0631 6984  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\windows\system32\WsmSvc.dll
19:29:52.0721 6984  WinRM - ok
19:29:52.0776 6984  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUSB.sys
19:29:52.0817 6984  WinUsb - ok
19:29:52.0862 6984  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\windows\System32\wlansvc.dll
19:29:52.0914 6984  Wlansvc - ok
19:29:52.0978 6984  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:29:53.0002 6984  wlcrasvc - ok
19:29:53.0100 6984  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:29:53.0171 6984  wlidsvc - ok
19:29:53.0186 6984  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
19:29:53.0218 6984  WmiAcpi - ok
19:29:53.0260 6984  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:29:53.0305 6984  wmiApSrv - ok
19:29:53.0335 6984  WMPNetworkSvc - ok
19:29:53.0366 6984  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:29:53.0386 6984  WPCSvc - ok
19:29:53.0403 6984  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:29:53.0419 6984  WPDBusEnum - ok
19:29:53.0435 6984  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
19:29:53.0473 6984  ws2ifsl - ok
19:29:53.0489 6984  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
19:29:53.0530 6984  wscsvc - ok
19:29:53.0533 6984  WSearch - ok
19:29:53.0616 6984  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
19:29:53.0708 6984  wuauserv - ok
19:29:53.0745 6984  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:29:53.0769 6984  WudfPf - ok
19:29:53.0795 6984  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:29:53.0812 6984  WUDFRd - ok
19:29:53.0821 6984  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
19:29:53.0849 6984  wudfsvc - ok
19:29:53.0885 6984  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\windows\System32\wwansvc.dll
19:29:53.0929 6984  WwanSvc - ok
19:29:53.0969 6984  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\windows\system32\DRIVERS\xusb21.sys
19:29:53.0994 6984  xusb21 - ok
19:29:54.0018 6984  ================ Scan global ===============================
19:29:54.0031 6984  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:29:54.0075 6984  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
19:29:54.0083 6984  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
19:29:54.0111 6984  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:29:54.0135 6984  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:29:54.0139 6984  [Global] - ok
19:29:54.0140 6984  ================ Scan MBR ==================================
19:29:54.0150 6984  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
19:29:54.0448 6984  \Device\Harddisk0\DR0 - ok
19:29:54.0449 6984  ================ Scan VBR ==================================
19:29:54.0484 6984  [ 74B7DD403BD247B57B97A75B11520358 ] \Device\Harddisk0\DR0\Partition1
19:29:54.0486 6984  \Device\Harddisk0\DR0\Partition1 - ok
19:29:54.0487 6984  ============================================================
19:29:54.0487 6984  Scan finished
19:29:54.0487 6984  ============================================================
19:29:54.0515 6828  Detected object count: 5
19:29:54.0515 6828  Actual detected object count: 5
19:30:26.0043 6828  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0044 6828  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0045 6828  Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0045 6828  Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0047 6828  TTPDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0047 6828  TTPDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0049 6828  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0049 6828  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0051 6828  Virtual Router ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0051 6828  Virtual Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
Hoffe das passt

lg momo

cosinus 26.01.2013 19:55
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

momo2408 27.01.2013 20:43
So hier mal die combofix log

Code:
ComboFix 13-01-27.03 - Schüler 27.01.2013  20:09:28.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.5872.3933 [GMT 1:00]
ausgeführt von:: c:\users\Schüler\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\programdata\reyalpclv.pad
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-27 bis 2013-01-27  ))))))))))))))))))))))))))))))
.
.
2013-01-27 19:18 . 2013-01-27 19:18        --------        d-----w-        c:\users\setup\AppData\Local\temp
2013-01-27 19:18 . 2013-01-27 19:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-24 16:12 . 2013-01-24 16:12        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-22 18:57 . 2013-01-22 18:57        --------        d-----w-        c:\program files (x86)\Trojan Remover
2013-01-22 18:57 . 2013-01-22 18:57        --------        d-----w-        c:\programdata\Simply Super Software
2013-01-22 18:41 . 2013-01-24 16:45        --------        d-----w-        c:\users\Schüler\AppData\Roaming\Dropbox
2013-01-10 16:02 . 2012-11-09 05:45        750592        ----a-w-        c:\windows\system32\win32spl.dll
2013-01-10 16:02 . 2012-11-09 04:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-01-10 15:47 . 2012-11-30 05:41        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2013-01-09 23:01 . 2012-06-01 05:36        192000        ----a-w-        c:\windows\system32\iisRtl.dll
2013-01-09 23:00 . 2012-11-20 05:48        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-09 23:00 . 2012-11-20 04:51        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2013-01-09 23:00 . 2012-11-22 05:44        800768        ----a-w-        c:\windows\system32\usp10.dll
2013-01-09 23:00 . 2012-11-22 04:45        626688        ----a-w-        c:\windows\SysWow64\usp10.dll
2013-01-09 22:47 . 2012-11-23 03:13        68608        ----a-w-        c:\windows\system32\taskhost.exe
2013-01-09 22:47 . 2012-11-23 03:26        3149824        ----a-w-        c:\windows\system32\win32k.sys
2013-01-08 18:57 . 2013-01-08 19:27        --------        d-----w-        c:\users\Schüler\AppData\Local\ApplicationHistory
2013-01-08 18:56 . 2013-01-08 18:56        --------        d-----w-        c:\program files (x86)\Common Files\SpellEx
2013-01-08 17:20 . 2013-01-08 18:56        --------        d-----w-        c:\program files (x86)\Common Files\TI Shared
2013-01-08 17:20 . 2013-01-08 17:20        --------        d-----w-        c:\program files\DIFX
2013-01-08 17:20 . 2009-09-03 15:30        128512        ----a-w-        c:\windows\system32\drivers\tiehdusb.sys
2013-01-08 17:20 . 2013-01-08 18:56        --------        d-----w-        c:\program files (x86)\TI Education
2013-01-08 17:17 . 2013-01-08 17:17        --------        d-----w-        c:\windows\SysWow64\BestPractices
2013-01-08 17:17 . 2013-01-08 17:17        --------        d-----w-        c:\windows\system32\BestPractices
2013-01-08 17:17 . 2013-01-08 17:17        --------        d-----w-        C:\inetpub
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 23:01 . 2011-09-21 11:11        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 22:56        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:56        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:56        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:56        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-11 16:42 . 2012-10-11 13:28        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-12-11 16:42 . 2012-10-11 13:28        99912        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-10 15:47        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-20 07:30        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-20 07:30        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-20 07:30        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-20 07:30        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-20 07:30        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-20 07:30        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-20 07:30        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-20 07:30        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-20 07:30        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-20 07:30        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-20 07:30        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-20 07:30        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-20 07:30        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-20 07:30        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-20 07:30        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-20 07:30        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-20 07:30        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-20 07:30        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-20 07:30        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-20 07:30        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-20 07:30        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-20 07:30        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-18 21:04        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-18 21:04        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-18 20:48        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-18 20:48        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-18 617880]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-12-18 12:37        617880        ----a-w-        c:\users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-11-26 13:39        170840        ----a-w-        c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-18 617880]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2012-10-03 201808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-6-19 1470848]
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-12-24 22486]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 TTPDSrv;TOSHIBA Touch Pad Service;c:\windows\System32\TTPDSRV.exe [2007-11-07 73728]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-08 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-06-17 2734912]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-11-26 188760]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys [2010-06-23 64512]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys [2010-05-07 80384]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys [2009-07-04 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-17 770152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-15 283200]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 317440]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 62386849
*NewlyCreated* - ASWMBR
*Deregistered* - 62386849
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2010-03-02 08:24        153520        ----a-w-        c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-30 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-30 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-30 8305664]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-01-06 315392]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2010-03-02 925104]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2010-11-04 789368]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-06-19 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQTFXqx0t&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 6cf4ed55000000000000e89d87e2202d
FF - user.js: extensions.incredibar_i.instlDay - 15698
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:37
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQTFXqx0t
FF - user.js: extensions.incredibar_i.upn2n - 92544151074464289
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-Locked - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-TNRotate - %ProgramFiles(x86)%\TOSHIBA\TNRotate\TNRotate.exe
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,42,17,c8,f8,86,41,23,8c,e8,61,c6,22,2f,72,bb,b2,84,c3,10,2a,49,31,
  8d,d2,79,ee,2c,74,1e,b4,a4,de,40,fd,79,40,f5,ec,d5,8b,3d,2b,1e,2b,db,c1,e1,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:75,fa,cf,9b,d0,6e,d1,58,1e,62,12,f7,cc,c2,3d,26,02,e8,c1,91,74,
  96,3c,75,cb,ac,8c,88,f3,67,f2,73,12,29,7e,74,a5,f0,09,a1,0d,3e,1a,e3,5c,e4,\
"rkeysecu"=hex:05,65,e7,eb,f6,85,f6,b6,ee,cd,c8,81,0c,38,80,b2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-27  20:39:16
ComboFix-quarantined-files.txt  2013-01-27 19:39
.
Vor Suchlauf: 9 Verzeichnis(se), 219.176.521.728 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 219.025.416.192 Bytes frei
.
- - End Of File - - 845D105180BBFB6D6D6927EB09ED6E93
lg momo

cosinus 28.01.2013 11:59
Zitat:
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
Was soll sowas?! :wtf:
Warum hast du AVG und AntiVir gleichzeitig installiert?!

momo2408 28.01.2013 14:19
Weil ich als ich anfangs dieses problem hatte alle möglichen programme versucht habe aber es hat keines was gebracht da hab ich dann warscheinlich beim deinstallieren was übersehen welches soll ich deiner meinung nach deinstallieren?

lg momo

cosinus 28.01.2013 14:28
Deinstalliere beide, wenn wir fertig sind kannst du dich zwischen Avast oder MSE entscheiden

momo2408 28.01.2013 14:43
Ok habe beide deinstalliert

lg momo

cosinus 28.01.2013 14:50
Ok, mach bitte nun ein Log mit GMER und poste es in CODE-Tags

momo2408 28.01.2013 15:12
Hier die Log

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-28 15:11:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\SCHLER~1\AppData\Local\Temp\pgldypog.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                  0000000075621401 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                    0000000075621419 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                  0000000075621431 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                  000000007562144a 2 bytes [62, 75]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000756214dd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                              00000000756214f5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007562150d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                              0000000075621525 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                    000000007562153d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000075621555 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                  000000007562156d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                    0000000075621585 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007562159d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                    00000000756215b5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                  00000000756215cd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                              00000000756216b2 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                              00000000756216bd 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                      0000000075621401 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                        0000000075621419 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                      0000000075621431 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                      000000007562144a 2 bytes [62, 75]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                          00000000756214dd 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                  00000000756214f5 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                          000000007562150d 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                  0000000075621525 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                        000000007562153d 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                              0000000075621555 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                      000000007562156d 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                        0000000075621585 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                            000000007562159d 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                        00000000756215b5 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                      00000000756215cd 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                  00000000756216b2 2 bytes [62, 75]
.text    C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                  00000000756216bd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                0000000075621401 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  0000000075621419 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                0000000075621431 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                000000007562144a 2 bytes [62, 75]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                    00000000756214dd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            00000000756214f5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                    000000007562150d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            0000000075621525 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  000000007562153d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                        0000000075621555 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                000000007562156d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  0000000075621585 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                      000000007562159d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  00000000756215b5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                00000000756215cd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            00000000756216b2 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            00000000756216bd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\KERNELBASE.dll!HeapCreate                                                                              0000000076d5549c 5 bytes JMP 0000000100080800
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000075621401 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000075621419 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000075621431 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    000000007562144a 2 bytes [62, 75]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        00000000756214dd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000756214f5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        000000007562150d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000075621525 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      000000007562153d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            0000000075621555 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    000000007562156d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000075621585 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          000000007562159d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000756215b5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000756215cd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000756216b2 2 bytes [62, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000756216bd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                0000000075621401 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                  0000000075621419 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                0000000075621431 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                000000007562144a 2 bytes [62, 75]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                    00000000756214dd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                            00000000756214f5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                    000000007562150d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                            0000000075621525 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                  000000007562153d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                        0000000075621555 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                000000007562156d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                  0000000075621585 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                      000000007562159d 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                  00000000756215b5 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                00000000756215cd 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                            00000000756216b2 2 bytes [62, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                            00000000756216bd 2 bytes [62, 75]

---- User IAT/EAT - GMER 2.0 ----

IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef1742750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef1742b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef1747de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]          [7fef1748130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]  [7fef1741908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef1741c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]          [7fef17481d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                  [7fef1742878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]    [7fef1747a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement]            [7fef1746c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef17477bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]        [7fef1747064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef1746544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef1745e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread  C:\windows\System32\svchost.exe [1536:2848]                                                                                                                                                  000007feec7e9688
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:4016]                                                                                                                                          00000000725862ee
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5080]                                                                                                                                          0000000077d82e25
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5092]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5096]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5100]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5104]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5108]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:2784]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:1768]                                                                                                                                          000000006b44a510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:2736]                                                                                                                                          000000006bc528ad
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:2080]                                                                                                                                          0000000077d83e45
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:4392]                                                                                                                                          0000000077d83e45
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:3556]                                                                                                                                          000000006b44a510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:4404]                                                                                                                                          000000006b44a510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:2084]                                                                                                                                          000000006b44a510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:4008]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:2192]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:2488]                                                                                                                                          00000000380b5990
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5168]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5296]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5376]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5388]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5392]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5396]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5400]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5404]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5408]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5412]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5416]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5420]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5424]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:5976]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6064]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6068]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6072]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6076]                                                                                                                                          00000000301a81ce
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6100]                                                                                                                                          000000007146b420
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6104]                                                                                                                                          0000000070f50510
Thread  C:\Program Files (x86)\Steam\Steam.exe [3892:6112]                                                                                                                                          0000000070f50510
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3676:4136]                                                                                                                              000007fefc542a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3676:4292]                                                                                                                              000007fef4a65124
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\windows\System32\svchost.exe [1536]                                                                                                                              000007feffdc0000
Library  ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3676]                                                                                                          000007fefdde0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B5057D49-4CBD-4F43-9CF8-53FE6B2961CF}@InterfaceName                                                                      isatap.{C08C66FC-E658-4A97-90E5-CA7C17CC3D07}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B5057D49-4CBD-4F43-9CF8-53FE6B2961CF}@ReusableType                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                                            435
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Sch\xb3ler\Desktop\ComboFix.exe                                                  1

---- EOF - GMER 2.0 ----
lg momo

cosinus 28.01.2013 16:29
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

momo2408 28.01.2013 16:49
Code:
# AdwCleaner v2.109 - Datei am 28/01/2013 um 16:49:12 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Schüler - STMO24
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schüler\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : IB Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\searchplugins\MyStart Search.xml
Ordner Gefunden : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gefunden : C:\Program Files\IB Updater
Ordner Gefunden : C:\Users\Schüler\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Schüler\AppData\LocalLow\CT2625848
Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Somoto
Schlüssel Gefunden : HKCU\Software\WNLT
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26

-\\ Mozilla Firefox v6.0.2 (de)

Datei : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\prefs.js

Gefunden : user_pref("CT2625848.autoDisableScopes", -1);
Gefunden : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26");
Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search");
Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search="[...]

*************************

AdwCleaner[R1].txt - [10728 octets] - [28/01/2013 16:49:12]

########## EOF - C:\AdwCleaner[R1].txt - [10789 octets] ##########
lg momo

cosinus 28.01.2013 16:50
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

momo2408 28.01.2013 18:42
adwcleaner.

Code:
# AdwCleaner v2.109 - Datei am 28/01/2013 um 17:07:38 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Schüler - STMO24
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schüler\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IB Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\Users\Schüler\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Schüler\AppData\LocalLow\CT2625848
Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v6.0.2 (de)

Datei : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\prefs.js

C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Gelöscht : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26");
Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26");
Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("browser.search.selectedEngine", "MyStart Search");
Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search="[...]

*************************

AdwCleaner[R1].txt - [10819 octets] - [28/01/2013 16:49:12]
AdwCleaner[S1].txt - [10683 octets] - [28/01/2013 17:07:38]

########## EOF - C:\AdwCleaner[S1].txt - [10744 octets] ##########
OTL:

Code:
OTL logfile created on: 28.01.2013 18:10:17 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Schüler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,73 Gb Total Physical Memory | 4,07 Gb Available Physical Memory | 71,02% Memory free
11,47 Gb Paging File | 9,52 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,66 Gb Total Space | 204,25 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
 
Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schüler\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\sdl.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (TTPDSrv) -- C:\Windows\SysNative\TTPDSRV.exe (TOSHIBA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com))
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{148AC8F6-93F1-4CDF-BCA3-DE726CA98804}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{4D4EA4F7-B725-45AA-AC8B-F841699F782D}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{B304D871-4BB1-4097-89D0-4CEFBDFD3A55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.18 21:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.27 09:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.04 13:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Extensions
[2013.01.28 17:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions
[2011.09.27 09:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.09.27 09:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Programme\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = schuladmin.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6306A8E-9754-4809-A772-A2EC85A87062}: DhcpNameServer = 172.16.128.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE04F0DA-C1E4-48F0-813E-CDA004619CB7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.28 14:39:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.28 14:32:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.27 20:39:40 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.26 20:10:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.01.26 20:10:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.01.26 20:10:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.01.26 20:10:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.26 20:10:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.01.26 20:03:45 | 005,027,618 | R--- | C] (Swearware) -- C:\Users\Schüler\Desktop\ComboFix.exe
[2013.01.25 17:19:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schüler\Desktop\tdsskiller.exe
[2013.01.25 17:18:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Schüler\Desktop\aswMBR.exe
[2013.01.24 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.24 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Desktop\mbar
[2013.01.23 21:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe
[2013.01.22 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\Simply Super Software
[2013.01.22 19:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.22 19:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.01.22 19:45:31 | 000,000,000 | R--D | C] -- C:\Users\Schüler\Desktop\Dropbox
[2013.01.22 19:41:39 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.22 19:41:14 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Dropbox
[2013.01.10 17:02:02 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.10 17:02:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.10 16:49:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.10 16:49:13 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.10 16:49:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.10 16:49:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.10 16:47:35 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.10 16:47:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.10 16:47:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.10 16:47:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.10 16:47:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.10 16:47:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.10 16:47:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.10 16:47:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.10 16:47:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.10 16:47:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 16:47:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 16:47:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.10 16:47:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.10 16:47:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 16:47:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.10 00:01:27 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2013.01.10 00:01:27 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2013.01.10 00:01:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2013.01.10 00:01:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2013.01.10 00:01:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2013.01.10 00:01:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2013.01.10 00:01:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2013.01.10 00:01:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2013.01.10 00:01:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2013.01.10 00:01:26 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2013.01.10 00:01:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2013.01.10 00:01:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2013.01.10 00:00:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.10 00:00:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.09 23:47:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.08 19:57:26 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Local\ApplicationHistory
[2013.01.08 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpellEx
[2013.01.08 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
[2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared
[2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\MyTIData
[2013.01.08 18:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.01.08 18:20:49 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\windows\SysNative\drivers\tiehdusb.sys
[2013.01.08 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2013.01.08 18:17:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices
[2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.28 17:16:19 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 17:16:19 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 17:08:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.28 17:08:47 | 323,293,183 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.28 16:48:49 | 000,580,235 | ---- | M] () -- C:\Users\Schüler\Desktop\adwcleaner.exe
[2013.01.28 14:58:11 | 000,365,568 | ---- | M] () -- C:\Users\Schüler\Desktop\gmer-2.0.18444.exe
[2013.01.27 20:06:56 | 005,027,618 | R--- | M] (Swearware) -- C:\Users\Schüler\Desktop\ComboFix.exe
[2013.01.25 19:28:10 | 000,000,512 | ---- | M] () -- C:\Users\Schüler\Desktop\MBR.dat
[2013.01.25 17:20:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Schüler\Desktop\aswMBR.exe
[2013.01.25 17:19:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schüler\Desktop\tdsskiller.exe
[2013.01.24 17:15:08 | 001,827,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.24 17:15:08 | 000,781,116 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.24 17:15:08 | 000,721,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.24 17:15:08 | 000,179,592 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.24 17:15:08 | 000,146,546 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.24 17:12:26 | 013,462,931 | ---- | M] () -- C:\Users\Schüler\Desktop\mbar-1.01.0.1016.zip
[2013.01.23 21:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe
[2013.01.22 19:45:31 | 000,001,014 | ---- | M] () -- C:\Users\Schüler\Desktop\Dropbox.lnk
[2013.01.22 19:41:49 | 000,001,024 | ---- | M] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.14 21:22:10 | 001,801,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.01.10 17:03:16 | 000,000,000 | -H-- | M] () -- C:\Users\Schüler\Documents\Default.rdp
[2013.01.10 16:36:50 | 000,425,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.08 19:57:26 | 000,000,095 | ---- | M] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.28 16:48:36 | 000,580,235 | ---- | C] () -- C:\Users\Schüler\Desktop\adwcleaner.exe
[2013.01.28 14:57:58 | 000,365,568 | ---- | C] () -- C:\Users\Schüler\Desktop\gmer-2.0.18444.exe
[2013.01.26 20:10:19 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.01.26 20:10:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.01.26 20:10:19 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.01.26 20:10:19 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.01.26 20:10:19 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.01.25 19:28:10 | 000,000,512 | ---- | C] () -- C:\Users\Schüler\Desktop\MBR.dat
[2013.01.24 17:06:13 | 013,462,931 | ---- | C] () -- C:\Users\Schüler\Desktop\mbar-1.01.0.1016.zip
[2013.01.22 19:45:31 | 000,001,014 | ---- | C] () -- C:\Users\Schüler\Desktop\Dropbox.lnk
[2013.01.22 19:41:49 | 000,001,024 | ---- | C] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.10 17:03:16 | 000,000,000 | -H-- | C] () -- C:\Users\Schüler\Documents\Default.rdp
[2013.01.08 19:57:26 | 000,000,095 | ---- | C] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat
[2013.01.08 17:58:05 | 001,801,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.10.15 22:06:12 | 000,007,598 | ---- | C] () -- C:\Users\Schüler\AppData\Local\Resmon.ResmonCfg
[2012.10.02 11:36:40 | 000,002,604 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.05 08:47:28 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
Code:
OTL Extras logfile created on: 28.01.2013 18:10:17 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Schüler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,73 Gb Total Physical Memory | 4,07 Gb Available Physical Memory | 71,02% Memory free
11,47 Gb Paging File | 9,52 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,66 Gb Total Space | 204,25 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
 
Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B7E3E6-5FE4-46A9-BF49-C6D147DA7A50}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{02C15CF6-8AE4-4FF4-AFC1-AF96482B88FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8C69B085-7AFE-4240-B9C6-361C0F170B01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B49787F-0F0D-46E7-A7D4-943843923B34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{0DEEB486-95AF-4145-ABBB-91EEBF50280B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CE4E265-A69D-4D47-BB56-F8A0BD813C51}" = protocol=17 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe |
"{1EF6E5B6-33F9-4A34-BB75-11FD3442CE33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{301A6BE5-EAE6-4CD7-A9D3-F227EA891CBC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{30EB8756-851E-4C5D-AB9E-8BDC9FA0C126}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{3C5CC506-849C-49C4-BA5E-C53F9DD5CD89}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45CCF574-BCBF-4FEC-87BA-C3915F72193E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{51372ED5-7434-4D8F-AAA3-3DCB5B553511}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{593EFAE6-ED6C-415E-83F9-ACA0CF102527}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{5AA6851D-BB4A-4C9B-83E7-78F8D1895056}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{5F7BA0FD-C5DA-46BA-9352-2EAA50079611}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6BC47E69-A5B3-46DE-9D5B-601948A6FAB2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6E0DBC68-E828-4624-A020-05BFEEED69EB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{719DEE4A-58AB-4B70-8134-6D749C0E7C68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7680A408-1AEE-4997-9EB0-AB74975AE07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{77CE6EBC-75C0-41BA-B1DB-DFC302D03BCA}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{8674AC11-D7DA-4C7C-AF23-FB96AC366202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{874A2D9A-AC22-4F24-A73F-C5826FB64EEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8839C9FD-9DF0-4F9B-B86C-4EDDEDC09EFE}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{89311225-154B-48C2-88BD-039E89A10F2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{89760F72-3687-4A80-AFE4-07377576EFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{96C02AF4-004D-4A11-B6D1-7A5CF9156FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{9719EB81-4109-45DB-82E8-E357AC27B185}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{996C6343-1AFF-4F79-9A95-97DE2ED8706A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{9BEB9FB6-B3C2-4D26-99E9-444407807953}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9D45C11F-5A5C-420E-B3D1-6D21C25E303E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{9E51B848-2C88-4634-91B6-523D8E18A78F}" = protocol=6 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe |
"{A91476B6-D67A-405F-BB8F-8B2018EDB110}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{AC909476-8B13-48B2-9526-7DCFDC3CF536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{B09D6C6A-272A-4160-B38A-E9D66BB529B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B164D6DD-E77E-4DEF-B87A-4943753BA5AD}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B33DE628-5FD6-4270-9AA9-3EA820C90A36}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B52EA13A-E829-421E-997B-53AB8948FE87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B6EB20E3-5AEE-4A02-B375-FBA01691D581}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{BD45F04F-F5C9-4892-9BE5-32E35217E7A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{D7BCA529-B18C-4852-A5EB-3866E5C7D9B6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D94B929E-572B-4542-81A3-4267DB4EB589}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{DD1F830D-9F6E-478F-8C77-69CD890A5A92}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{DFC3333D-9E71-4807-9336-F8D30728E9FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E01B3B1D-804D-4515-8112-1780C577EC73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F6A7F02F-E041-4AED-BC51-CA4AB9F962CE}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{F7631134-9FB2-4019-8011-1E4F652AC50F}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"TCP Query User{E1213568-E1FE-46E2-B0C2-487FFF0B478A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{C9A58F3F-F2D5-4C86-8FA2-D2B0047B0AF1}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"Opera 12.12.1707" = Opera 12.12
"PROSet" = Intel(R) Network Connections Drivers
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.12.03.02
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DAEMON Tools Pro" = DAEMON Tools Pro
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"GeoGebra" = GeoGebra
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Steam App 11020" = TrackMania Nations Forever
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 50620" = Darksiders
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.10.2012 13:05:29 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 23.10.2012 05:05:50 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 23.10.2012 18:00:30 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 24.10.2012 11:54:12 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 25.10.2012 02:41:19 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 26.10.2012 09:41:22 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 26.10.2012 11:17:20 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 28.10.2012 10:14:49 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 29.10.2012 09:41:16 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
Error - 30.10.2012 10:17:54 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 03.12.2012 13:27:30 | Computer Name = stmo24.schuladmin.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 03.12.2012 17:27:40 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SCHULADMIN aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 04.12.2012 08:28:17 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 04.12.2012 08:28:17 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 04.12.2012 08:28:17 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Touch Pad Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 04.12.2012 08:28:31 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SCHULADMIN aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 04.12.2012 08:28:40 | Computer Name = stmo24.schuladmin.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 04.12.2012 14:04:56 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SCHULADMIN aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 04.12.2012 14:04:55 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 04.12.2012 14:04:55 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
 
< End of report >
lg momo

cosinus 28.01.2013 23:18
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


momo2408 29.01.2013 12:41
Also Malwarebytes hat nichts gefunden und hier mal der Log von ESET was ziemlich viel gefunden hat so wies aussieht

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=b57bed209ab6494a918774d9660b1365
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-29 11:35:50
# local_time=2013-01-29 12:35:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1036 16777214 0 0 79028 79028 0 0
# compatibility_mode=5121 16777214 0 3 42343989 42343989 0 0
# compatibility_mode=5893 16776573 100 94 66420 111089200 0 0
# scanned=189522
# found=69
# cleaned=0
# scan_time=6989
F:\-Filme.lnk        Win32/Dorkbot.D worm        D148F2D0B2B64BCD92B2DA04F3BD8837359034AF        I
F:\-Serien.lnk        Win32/Dorkbot.D worm        625A9A542B57F609973DC1794075673BF4F5349B        I
F:\2 fast 2 furious.lnk        Win32/Dorkbot.D worm        2F84DDEB5C8A833DD5CC3DB0095B17A603872DE0        I
F:\American Pie 1-5.lnk        Win32/Dorkbot.D worm        0001547064AE0E1D085C898077AA532C5073159C        I
F:\Beverliy Hills Cop.lnk        Win32/Dorkbot.D worm        E70BCBB782C07A48A2797D2EDCE96FB8F5BD2B58        I
F:\Binary.Domain-SKIDROW- Doc Snyder&Mr.Crabbs.lnk        Win32/Dorkbot.D worm        39C96177A0F866C94E8D982188C8C7F06DB33D8B        I
F:\christian.lnk        Win32/Dorkbot.D worm        D63BD74FA9FC478A082419101F37C0239C781451        I
F:\Crank.lnk        Win32/Dorkbot.D worm        D13C7C23B9B0C8F62EA4DDC4B73474A82A5109B7        I
F:\Das Leben des Brian.lnk        Win32/Dorkbot.D worm        B0411A612C9BA6D6131EE34B98ED0C9A4EE9608E        I
F:\DAS_LEBEN_DER_ANDEREN.lnk        Win32/Dorkbot.D worm        74EFA776D74761F2EF1474E674E28873533C2EEE        I
F:\Der Fluch Zwei Schwestern (2009) German HDRip AC3.lnk        Win32/Dorkbot.D worm        A26827F9DA57C000BBDD4436C883B512D6B7A65B        I
F:\Der Wixxer 2.lnk        Win32/Dorkbot.D worm        91D170C2117CCE75971AA772309CB8BA4A253B29        I
F:\Die Simpsons- Der film.lnk        Win32/Dorkbot.D worm        4618260997D2DFFC831A3ECE8947FD1751E0062D        I
F:\DiRT.Showdown.German.Multi.5-FLT - Hondo.lnk        Win32/Dorkbot.D worm        ABD2FFB86926681333DD59E3582A690C57403B66        I
F:\Ein Duke kommt selten allein.lnk        Win32/Dorkbot.D worm        A7EEFB2CE1D33EAC0B76B0BB3D6523C3BFA42A32        I
F:\Extreme Rage.lnk        Win32/Dorkbot.D worm        E3AD75CE6874FDE2E1D059E54EE28B70A2379A5D        I
F:\Ey man , wo ist mein Auto.lnk        Win32/Dorkbot.D worm        3E01CFFD8D48266AC61DC8B29E7B88FE1781FBC1        I
F:\Fall.39.German.DVDRip.XviD-LOGiCAL - Doc Snyder&Le.lnk        Win32/Dorkbot.D worm        C4A828D3A143E90C20DBE3A643F1AA06345A84CD        I
F:\Fear and Loathing in Las Vegas.lnk        Win32/Dorkbot.D worm        BC4E3552B346B4CF7FF3B95FF7F60044DBCC041D        I
F:\Filmefilme.lnk        Win32/Dorkbot.D worm        115D7A75AB7DFC3A02EFB0F28132CADB822D343C        I
F:\Fluch der Karibik 1-3.lnk        Win32/Dorkbot.D worm        807875BC7CFCCE50B20C14D77BB939D6918CAC3C        I
F:\HAMMERHART.lnk        Win32/Dorkbot.D worm        CF72CF096E5C3588723197D33F6F6D68FE77C3F5        I
F:\Hide and Seek Du kannst dich nicht verstecken (200.lnk        Win32/Dorkbot.D worm        20C6AC617ED1E175069F67CB2C298ABA9208461E        I
F:\HOTEL_RUANDA.lnk        Win32/Dorkbot.D worm        425EE7E0CAC0C75D8549200DF47781BA5D311097        I
F:\Ice Age.lnk        Win32/Dorkbot.D worm        0DE37FA0094A48569DEAC3812ADCBFDF5BE951C0        I
F:\James Bond.lnk        Win32/Dorkbot.D worm        0BCF0201EF3EFA65A5072B224D469B6FDCE29AF5        I
F:\Kaufhauscop.lnk        Win32/Dorkbot.D worm        0FC4F099985EBADF4283CBFB3BE83E90FCE42DDD        I
F:\Klick.lnk        Win32/Dorkbot.D worm        B0CF7B958C1E8BCA49A6F5A683FBBF154B245495        I
F:\Kung.Fu.Panda.1.German 2008.AC3.HDRip.XViD2011-FuN.lnk        Win32/Dorkbot.D worm        B0223240D8031D583047F9298BCB16ECBBFE9CB2        I
F:\Kung.Fu.Panda.2.2011.R6.LD.German.XviD-NoElite-Hor.lnk        Win32/Dorkbot.D worm        326295F888A9799D39190ACF3ECA9BFCBD9D73D5        I
F:\Meine Frau, die Spartaner und ich.lnk        Win32/Dorkbot.D worm        BF907C5A1B79AB3573274C39E37CC4FD4B676E9A        I
F:\Mirror.lnk        Win32/Dorkbot.D worm        4EC256DE47BFE6375B99CB890872AEDEE4CEE494        I
F:\momo.lnk        Win32/Dorkbot.D worm        6CFC4220FD113D09DA2E91FF5901340A4A96F11F        I
F:\momo1.lnk        Win32/Dorkbot.D worm        1E5912C6AFFF055D97CC9293B0EC8C064212E187        I
F:\Mr. Bean macht Ferien.lnk        Win32/Dorkbot.D worm        45A587D50E9454481CD1428CBFD913A70D62FA81        I
F:\msdownld.tmp.lnk        Win32/Dorkbot.D worm        5DE8C08D82324BEB75B40EDEDC4C57F90E62A681        I
F:\Musik.lnk        Win32/Dorkbot.D worm        401A3CF1BCE25204AD7E096C365B66439461B795        I
F:\Musik123.lnk        Win32/Dorkbot.D worm        73EDE3113E1FDD3DDFCEBC9AB9314603A29B08B1        I
F:\Neuer Film.lnk        Win32/Dorkbot.D worm        67E87D8E30ED2682C98CF9CF7765B5F123C1B7E1        I
F:\Neuer Ordner 2.lnk        Win32/Dorkbot.D worm        35EB1695379A2804F6C8FB1073C0AA68169EEE0F        I
F:\Neuer Ordner123.lnk        Win32/Dorkbot.D worm        442EF397792C5880506B537FDB145E2E56C446FF        I
F:\Neuer Ordner2.lnk        Win32/Dorkbot.D worm        9E513CDDE2A8AF5DB9ED8D1EB87E5A7EF17B060B        I
F:\Paul.Ein.Alien.auf.der.Flucht.DVDRip.Line.Dubbed.G.lnk        Win32/Dorkbot.D worm        77550B25E6904CB72F37A33B310EB83466A2A9E0        I
F:\progs.lnk        Win32/Dorkbot.D worm        61195F4693BC71D0E655004F749AEBAC9D1EF7E7        I
F:\Pulse - Du bist tot, bevor du stirbst German by bi.lnk        Win32/Dorkbot.D worm        B591D22F165F7F957905E45FE57E98208B72EEA9        I
F:\Rango (2011) AC3 BDRip XviD - ghost usenet.lnk        Win32/Dorkbot.D worm        CB972111BBD4C4DC43FCEC3ACB5556A7CEF35E88        I
F:\Resident Evil Extinction (2007) DVDRiP XviD - SYH.lnk        Win32/Dorkbot.D worm        BF1DE0FF00CA31F1B62B70CD03B7BFBB60ADFD55        I
F:\Resident vil.lnk        Win32/Dorkbot.D worm        FC69ECF5450F1ADEFCEB2197B2BCBF5C714F6F05        I
F:\Resident.Evil.Afterlife.R5.Line.Dubbed.German.XviD.lnk        Win32/Dorkbot.D worm        11311897CACE7A834CDAE6866B52C8861CA18D8D        I
F:\S.H.I.T.lnk        Win32/Dorkbot.D worm        406F0B4726E9D3C0EF6AF4EAEACE1B875F13F420        I
F:\Scary Movie.lnk        Win32/Dorkbot.D worm        1E01AB3A39D96903857896C34A81F28E401CFE9F        I
F:\Spiderman 3.lnk        Win32/Dorkbot.D worm        AFA8DB15229B6B13EEECCAE4ADC180D179F36800        I
F:\spiele.lnk        Win32/Dorkbot.D worm        7741E8E07553D69DA2163B486B2BA597C2A431AB        I
F:\Spiele2.lnk        Win32/Dorkbot.D worm        A7C12CF286BC8706F80223A9C2BAC63F6519C703        I
F:\Sportmovies.lnk        Win32/Dorkbot.D worm        6BB0554ED782B7F8C78FC9EC2CE7F2D507683B53        I
F:\System Volume Information.lnk        Win32/Dorkbot.D worm        719CDE9D08D8C6C4C9366331212621ECF3F90191        I
F:\The Amityville Horror DVDRiP XViD - EAsyNews.lnk        Win32/Dorkbot.D worm        37C282166FC89C78FC66D188B84C33286FDE5181        I
F:\The Mechanic - Jason Statham - FSK 18 - USA 2011 -.lnk        Win32/Dorkbot.D worm        6AFDCDAD30B470B7949670070D31644AA3203C0B        I
F:\The.Ring.German.AC3.HDRip.XViD-FuN - Doc Snyder&Le.lnk        Win32/Dorkbot.D worm        A77E11742923A5C3A196731C4DAFB539C6B1FEC3        I
F:\TOWN - Cowboys and Aliens German TS LineDubbed Xvi.lnk        Win32/Dorkbot.D worm        56A0B6BBD776CD2377870437DFF1FA7E801344D4        I
F:\Transformers2.lnk        Win32/Dorkbot.D worm        1034C9CD7A4B8706781C5B5B4C6D8AD0A4B4644E        I
F:\urlaub italien bilder.lnk        Win32/Dorkbot.D worm        383352E6593FA26736CB4E4A1FB75BE1F824209F        I
F:\urlaub italien.lnk        Win32/Dorkbot.D worm        207D51241306D42779F1D04A5850D12FB36D6E7B        I
F:\Werner.lnk        Win32/Dorkbot.D worm        BD975D182B532F25946CEB6D5D60DEF0E92576E7        I
F:\World.Invasion.-.Battle.Los.Angeles.R5.Line.Dubbed.lnk        Win32/Dorkbot.D worm        66F4221483A61092105CE6E7288B4D4389723D71        I
F:\XXX.lnk        Win32/Dorkbot.D worm        47932BEB7779E9087FD579391B73B499D0982E86        I
F:\youtube clips.lnk        Win32/Dorkbot.D worm        0CDA78E4512AE7FAD2A5CCC5713AD62BD11F12C3        I
F:\Zeugs.lnk        Win32/Dorkbot.D worm        22F7FBD94BEA5D6D71D6014169124A09A36064DB        I
F:\Zimmer 1408.lnk        Win32/Dorkbot.D worm        532322DE96C3D66D612DBD740A5FE925A5909B4B        I
lg momo

cosinus 29.01.2013 12:45

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:Files
F:\*.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

momo2408 29.01.2013 14:31
Code:
All processes killed
========== FILES ==========
F:\-Filme.lnk moved successfully.
F:\-Serien.lnk moved successfully.
F:\2 fast 2 furious.lnk moved successfully.
F:\American Pie 1-5.lnk moved successfully.
F:\Beverliy Hills Cop.lnk moved successfully.
F:\Binary.Domain-SKIDROW- Doc Snyder&Mr.Crabbs.lnk moved successfully.
F:\christian.lnk moved successfully.
F:\Crank.lnk moved successfully.
F:\Das Leben des Brian.lnk moved successfully.
F:\DAS_LEBEN_DER_ANDEREN.lnk moved successfully.
F:\Der Fluch Zwei Schwestern (2009) German HDRip AC3.lnk moved successfully.
F:\Der Wixxer 2.lnk moved successfully.
F:\Die Simpsons- Der film.lnk moved successfully.
F:\DiRT.Showdown.German.Multi.5-FLT - Hondo.lnk moved successfully.
F:\Ein Duke kommt selten allein.lnk moved successfully.
F:\Extreme Rage.lnk moved successfully.
F:\Ey man , wo ist mein Auto.lnk moved successfully.
F:\Fall.39.German.DVDRip.XviD-LOGiCAL - Doc Snyder&Le.lnk moved successfully.
F:\Fear and Loathing in Las Vegas.lnk moved successfully.
F:\Filmefilme.lnk moved successfully.
F:\Fluch der Karibik 1-3.lnk moved successfully.
F:\HAMMERHART.lnk moved successfully.
F:\Hide and Seek Du kannst dich nicht verstecken (200.lnk moved successfully.
F:\HOTEL_RUANDA.lnk moved successfully.
F:\Ice Age.lnk moved successfully.
F:\James Bond.lnk moved successfully.
F:\Kaufhauscop.lnk moved successfully.
F:\Klick.lnk moved successfully.
F:\Kung.Fu.Panda.1.German 2008.AC3.HDRip.XViD2011-FuN.lnk moved successfully.
F:\Kung.Fu.Panda.2.2011.R6.LD.German.XviD-NoElite-Hor.lnk moved successfully.
F:\Meine Frau, die Spartaner und ich.lnk moved successfully.
F:\Mirror.lnk moved successfully.
F:\momo.lnk moved successfully.
F:\momo1.lnk moved successfully.
F:\Mr. Bean macht Ferien.lnk moved successfully.
F:\msdownld.tmp.lnk moved successfully.
F:\Musik.lnk moved successfully.
F:\Musik123.lnk moved successfully.
F:\Neuer Film.lnk moved successfully.
F:\Neuer Ordner 2.lnk moved successfully.
F:\Neuer Ordner123.lnk moved successfully.
F:\Neuer Ordner2.lnk moved successfully.
F:\Paul.Ein.Alien.auf.der.Flucht.DVDRip.Line.Dubbed.G.lnk moved successfully.
F:\progs.lnk moved successfully.
F:\Pulse - Du bist tot, bevor du stirbst German by bi.lnk moved successfully.
F:\Rango (2011) AC3 BDRip XviD - ghost usenet.lnk moved successfully.
F:\Resident Evil Extinction (2007) DVDRiP XviD - SYH.lnk moved successfully.
F:\Resident vil.lnk moved successfully.
F:\Resident.Evil.Afterlife.R5.Line.Dubbed.German.XviD.lnk moved successfully.
F:\S.H.I.T.lnk moved successfully.
F:\Scary Movie.lnk moved successfully.
F:\Spiderman 3.lnk moved successfully.
F:\spiele.lnk moved successfully.
F:\Spiele2.lnk moved successfully.
F:\Sportmovies.lnk moved successfully.
F:\System Volume Information.lnk moved successfully.
F:\The Amityville Horror DVDRiP XViD - EAsyNews.lnk moved successfully.
F:\The Mechanic - Jason Statham - FSK 18 - USA 2011 -.lnk moved successfully.
F:\The.Ring.German.AC3.HDRip.XViD-FuN - Doc Snyder&Le.lnk moved successfully.
F:\TOWN - Cowboys and Aliens German TS LineDubbed Xvi.lnk moved successfully.
F:\Transformers2.lnk moved successfully.
F:\urlaub italien bilder.lnk moved successfully.
F:\urlaub italien.lnk moved successfully.
F:\Werner.lnk moved successfully.
F:\World.Invasion.-.Battle.Los.Angeles.R5.Line.Dubbed.lnk moved successfully.
F:\XXX.lnk moved successfully.
F:\youtube clips.lnk moved successfully.
F:\Zeugs.lnk moved successfully.
F:\Zimmer 1408.lnk moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Schüler\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Schler
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Schüler
->Temp folder emptied: 1213879 bytes
->Temporary Internet Files folder emptied: 24820173 bytes
->Java cache emptied: 29709 bytes
->FireFox cache emptied: 6451110 bytes
->Flash cache emptied: 65637 bytes
 
User: setup
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7751196 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56847 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 39,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01292013_132111

Files\Folders moved on Reboot...
C:\Users\Schüler\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
lg momo

cosinus 29.01.2013 15:01
Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

momo2408 29.01.2013 16:43
Also erstmal danke für die tolle hilfe bin froh das zeug runter zu haben :dankeschoen:
Welches Virenprogramm soll ich mir nun zulegen?
Achso bevor ichs vergess fast meine komplette externe ist gelöscht:heulen: und wenn ich mein handy anstöpsel kommt "USB-Gerät wurde nicht erkannt"

lg momo

cosinus 29.01.2013 17:08
Zitat:
Welches Virenprogramm soll ich mir nun zulegen
Also ich weiß nicht wie oft ich das schon gepostet hab, das steht hier auch schon zuhauf in vielen Diskussionen - es ist eigentlich immer wieder das gleiche Fazit => Es gibt nicht den besten Virenscanner!

Die Frage - welcher Virenscanner oder ob der installierte reicht - taucht ständig auf.
Der Virenscanner - egal welcher - kann und wird niemals 100% Schutz bieten können. Neue/unbekannte Schädlinge können immer durch die Lappen gehen. Geld ausgeben muss man nicht für einen Scanner, sowas wie Avast oder Microsoft Security Essentials sind für die privaten Gebrauch völlig ausreichend.
Abgesehen davon nutzen verschiedene Virenscanner unterschiedliche Signaturen und Techniken, das führt dazu, dass zB Scanner1 Schädling X entdeckt, aber Schädling Y übersieht. Scanner2 erkennt Schädling Y, dafür aber Schädling X nicht...
Wichtiger ist, dass du dich an Regeln hälst. Der beste Virenscanner bringt nichts, wenn du dich falsch verhälst und fahrlässig/unvorsichtig bist. Airbag und Sicherheitsgurt im Auto sind ja auch keine Gründe dafür auf die Verkehrsregeln zu pfeifen.

Zitat:
Lesestoff:
Goldene Sicherheitsregeln
Halte Dich am besten grob an diese Regeln:
  1. Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
  2. Halte Windows und alle verwendeten Programme immer aktuell - unterstützen kann dich dabei Secunia PSI
  3. Führe regelmäßig Backups auf externe Medien durch
  4. Arbeite mit eingeschränkten Rechten
  5. automatische Wiedergabe von allen Laufwerken komplett deaktivieren, denn das ist ein unnötiges Sicherheitsrisiko
  6. Bei der Installation von Software möglichst darauf achten, dass die Setups aus offiziellen Quellen stammen und du bei der Installation nach Möglichkeit die benutzerdefinierte Methode wählst - dann hast du die Möglichkeit etwaigen Schrott (wie Toolbars oder sowas wie RegistryBooster) abzuwählen, welcher sonst einfach mitinstalliert wird.
  7. Bösartige bzw. ungewollte Sites von vornherein blockieren lassen mit Hilfe der MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
  8. Finger weg von: TuneUp, Registry-Cleanern aller Art, Softonic sowie illegalen Cracks/Keygens oder anderen "Tools" um ein kommerzielles Programm ohne Lizenz nutzen zu können
  9. dubiose Seiten bzw. Kinofilm-Streaming-Portale ebenfalls sein lassen, erstens handelt man sich dort schnell Malware ein oder kann in Abofallen geraten und zweitens bewegen sich diese Seiten in einer rechtlichen Grauzone.


Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

momo2408 29.01.2013 17:36
Also ich hab mich mal für AVAST entschieden. Aber was ist mit meinen Daten von der Platte und meim Handy ich hoff ich nerv dich nich allzu sehr :heilig:

lg momo

cosinus 29.01.2013 20:31
Was bitte soll genau mit deinen Daten sein?? :glaskugel:

momo2408 29.01.2013 21:36
Sie sind weg :D also sie sind definitiv nicht mehr auf meiner externen drauf. Beim Handy kommt immer Datenträger wurde nicht erkannt.

lg momo

cosinus 29.01.2013 21:42
Mit Handies und Smartphones kann ich dir nicht helfen. Das ist nicht meine Welt...
Mach dazu am besten einen neuen Strang in einem passenden Subforum hier auf.

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132