| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: von meinem WEB.DE Account werden Spam-Mails verschicktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.02.2012, 17:01
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  von meinem WEB.DE Account werden Spam-Mails verschickt Steht alles in der Anleitung!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.02.2012, 21:26
| #17 |
 | von meinem WEB.DE Account werden Spam-Mails verschickt ich habe Ordner C\## aswSnx private storage bzw. D\## aswSnx private storage mit Unterordnern r364\OTL.exe_{78f54eeb-53c3-11e1-b884-002622f08946} und r378\OTL.exe_{78f54eeb-53c3-11e1-b884-002622f08946}. Drin waren otl.txt und extras.txt.
__________________Sind diese Ordner bzw Unterordner von OTL gemacht? PS: Habe vergessen zu sagen, dass ich OTL in der Sandbox von Avast ausgeführt habe, vielleicht deswegen diese Ordner und Unterordner? Geändert von cska133 (15.02.2012 um 21:41 Uhr) |
|
15.02.2012, 21:36
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | von meinem WEB.DE Account werden Spam-Mails verschickt asw... sollte von Avast sein
__________________
__________________ |
|
15.02.2012, 21:46
| #19 |
| | von meinem WEB.DE Account werden Spam-Mails verschickt ach ich dachte nicht dass es etwas mit Windows System zutun hat... ok. Werde später neue otl.txt posten |
|
16.02.2012, 12:43
| #20 |
| | von meinem WEB.DE Account werden Spam-Mails verschickt hier die Logs. Allerdings führt der Befehl eines Wiederherstellungspunktes im Code zu einem Fehler, kein Restore Point möglich  OTL.txt Code:
ATTFilter OTL logfile created on: 16.02.2012 09:58:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jatak81\Desktop\OTL 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 59,49% Memory free 7,68 Gb Paging File | 6,07 Gb Available in Paging File | 79,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 189,99 Gb Free Space | 81,58% Space Free | Partition Type: NTFS Drive D: | 232,49 Gb Total Space | 180,60 Gb Free Space | 77,68% Space Free | Partition Type: NTFS Computer Name: JATAK_81 | User Name: Jatak81 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.10 15:38:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jatak81\Desktop\OTL\OTL.exe PRC - [2012.01.16 14:15:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\FIREFOX Browser\firefox.exe PRC - [2012.01.16 14:15:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programme\FIREFOX Browser\plugin-container.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\AvastUI.exe PRC - [2011.11.16 21:13:28 | 001,613,824 | ---- | M] (Mortal Universe) -- D:\Programme\POP Peeper\POPPeeper.exe PRC - [2010.03.04 15:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- D:\Programme\DateInTray\DateInTray.exe PRC - [2009.09.12 15:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009.09.12 15:30:48 | 005,048,488 | ---- | M] (Acronis) -- D:\Programme\ACRONIS TrueImage Backup Tool\TrueImageMonitor.exe PRC - [2008.05.21 20:16:42 | 001,077,248 | ---- | M] (Singer's Creations) -- D:\Programme\Weather Watcher\ww.exe PRC - [2007.09.25 22:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\KMProcess.exe PRC - [2007.09.17 21:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\KMConfig.exe PRC - [2007.03.06 13:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe ========== Modules (No Company Name) ========== MOD - [2012.01.16 14:15:13 | 002,124,760 | ---- | M] () -- D:\Programme\FIREFOX Browser\mozjs.dll MOD - [2011.11.17 00:12:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2007.08.05 21:53:32 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseHook.dll MOD - [2007.08.05 20:31:02 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\keydll.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.08.27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2009.08.05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009.08.04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2009.08.03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.06.14 19:46:31 | 001,355,968 | ---- | M] (Lavasoft) [Disabled | Stopped] -- D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.01.17 22:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010.06.29 15:46:44 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2009.09.12 15:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009.08.17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.08.10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.08.06 15:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.04.13 20:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programme\NERO Burning\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2003.02.04 07:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ScsiAccess.EXE -- (ScsiAccess) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.06.29 19:45:41 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010.06.29 15:46:46 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010.06.29 15:46:41 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) DRV:64bit: - [2010.06.29 15:46:39 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.06.29 15:46:33 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010.06.09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3) DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B) DRV:64bit: - [2009.08.27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.30 20:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 06:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.22 21:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2678822560-3673682103-668471605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKU\S-1-5-21-2678822560-3673682103-668471605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKU\S-1-5-21-2678822560-3673682103-668471605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: D:\Programme\VLC MediaPlayer\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: D:\Programme\VLC MediaPlayer\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\ADOBE Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: D:\Programme\OpenOffice\OpenOffice.org 3\program [2011.01.12 18:09:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\WebRep\FF [2011.12.29 21:05:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Programme\FIREFOX Browser\components [2012.01.16 14:15:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Programme\FIREFOX Browser\plugins [2012.01.14 21:35:45 | 000,000,000 | ---D | M] [2010.01.19 20:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Extensions [2011.12.28 19:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions [2011.11.25 19:48:20 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.11.25 19:48:20 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.11.25 19:48:23 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.12.09 21:11:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.12.28 19:00:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.26 18:36:26 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.11.25 19:48:20 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\custombuttons@xsms.org [2011.11.25 19:48:19 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL\extensions\CustomButtons2@cbtnext.org [2011.11.16 20:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions [2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{24cea704-946d-11da-a72b-0800200c9a66} [2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.11.16 20:53:30 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2011.11.16 20:53:30 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2011.11.16 20:53:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.11.16 20:53:30 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.11.16 20:53:33 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.11.16 20:53:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.16 20:53:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.11.16 20:53:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\custombuttons@xsms.org [2011.11.16 20:53:29 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (1)\extensions\CustomButtons2@cbtnext.org [2011.11.24 17:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions [2011.11.24 17:16:06 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.11.24 17:16:06 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.11.24 17:16:09 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.11.24 17:16:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.24 17:16:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.24 17:16:05 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\custombuttons@xsms.org [2011.11.24 17:16:05 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (2)\extensions\CustomButtons2@cbtnext.org [2011.11.25 19:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions [2011.11.25 19:44:30 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.11.25 19:44:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.11.25 19:44:32 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.11.25 19:44:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.25 19:44:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.25 19:44:30 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\custombuttons@xsms.org [2011.11.25 19:44:29 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\_DEFAULT.PROFIL - Kopie (3)\extensions\CustomButtons2@cbtnext.org [2011.08.23 20:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\0s4fkwt4.default (0)\extensions [2011.07.19 15:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\0s4fkwt4.default (0)\extensions\trash [2011.07.13 00:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{24cea704-946d-11da-a72b-0800200c9a66} [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.07.13 00:01:46 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.07.13 00:33:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.07.13 00:01:47 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.07.13 00:01:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.13 00:01:45 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\custombuttons@xsms.org [2011.07.13 00:01:44 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\1n8kfg9y.default (1)\extensions\CustomButtons2@cbtnext.org [2011.11.25 19:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions [2011.11.04 18:52:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.25 19:07:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.25 19:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions [2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{24cea704-946d-11da-a72b-0800200c9a66} [2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.11.25 19:00:04 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.11.25 19:00:04 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.11.25 19:00:07 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.11.25 19:00:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.25 19:00:08 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.11.25 19:00:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.25 19:00:10 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.11.25 19:00:03 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\custombuttons@xsms.org [2011.11.25 19:00:02 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\2nlcv4u9.zum Test & Loeschen - Kopie\extensions\CustomButtons2@cbtnext.org [2011.01.31 22:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\cbfyyiyv.Profil wegen RTF+DOC\extensions [2011.07.12 23:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions [2010.04.13 19:20:24 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66} [2011.04.04 08:51:23 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2010.04.13 19:20:19 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2010.04.13 19:20:24 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2010.04.13 19:20:24 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2010.04.13 19:20:24 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.04.13 19:20:19 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.04.08 14:08:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.06.11 22:34:03 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.06.23 10:44:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.06.23 10:43:13 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\custombuttons@xsms.org [2010.04.13 19:20:22 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default\extensions\CustomButtons2@cbtnext.org [2010.01.19 20:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Kopie\extensions [2010.03.18 19:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions [2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{24cea704-946d-11da-a72b-0800200c9a66} [2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2010.03.18 19:57:34 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2010.03.18 19:57:34 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2010.03.18 19:57:35 | 000,000,000 | ---D | M] (Googlebar Lite) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} [2010.03.18 19:57:35 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2010.03.18 19:57:35 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.03.18 19:57:36 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2010.03.18 19:57:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.18 19:57:30 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\cache@status.org [2010.03.18 19:57:32 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\CustomButtons2@cbtnext.org [2010.03.18 19:57:32 | 000,000,000 | ---D | M] ("Searchbar Autocomplete Order") -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\searchbarAutocompleteOrder@alice [2010.03.18 19:57:34 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\Default Profiles (alt)\0s4fkwt4.default - Original\extensions\SQLiteManager@mrinalkant.blogspot.com [2011.11.25 18:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions [2011.11.24 17:07:33 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.25 18:58:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\nrz0inro.0000000000000000\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.16 21:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions [2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{24cea704-946d-11da-a72b-0800200c9a66} [2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2011.11.16 21:14:30 | 000,000,000 | ---D | M] (External Application Buttons [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{8ea2f18c-4168-4331-95b8-f7f30c253612} [2011.11.16 21:14:30 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.11.16 21:14:31 | 000,000,000 | ---D | M] (NoUn Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82} [2011.11.16 21:14:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.16 21:14:32 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.11.16 21:44:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\custombuttons@xsms.org [2011.11.16 21:14:29 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\osaut18e.WEGEN_FLACKERTN\extensions\CustomButtons2@cbtnext.org [2011.01.31 21:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\qcy11sxi.Ganz-ganz_NEU\extensions [2010.03.01 16:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rm5kexch.Ganz_NEU\extensions [2012.01.16 14:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions [2011.08.23 20:45:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.01.16 14:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\rpa4aq9j.NEU\extensions\staged [2011.12.02 21:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions [2011.11.25 19:17:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.25 19:17:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.25 15:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\xwdndx2p.________ - Kopie\extensions [2011.11.25 19:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\zoen1t1f.Standard-Benutzer\extensions [2011.11.25 19:31:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jatak81\AppData\Roaming\mozilla\Firefox\Profiles\zoen1t1f.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-2678822560-3673682103-668471605-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [COMODO Internet Security] D:\Programme\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast5] D:\Programme\AVAST AntiVirus\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [KMConfig] "C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe" KMConfig.exe File not found O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\ACRONIS TrueImage Backup Tool\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [tuloxFreeWBF] File not found O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2678822560-3673682103-668471605-1000..\Run: [DateInTray] D:\Programme\DateInTray\DateInTray.exe (CrispyBytes Software) O4 - HKU\S-1-5-21-2678822560-3673682103-668471605-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2678822560-3673682103-668471605-1000..\Run: [WeatherWatcher] D:\Programme\Weather Watcher\ww.exe (Singer's Creations) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Jatak81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POP Peeper.lnk = D:\Programme\POP Peeper\POPPeeper.exe (Mortal Universe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = Reg Error: Unknown registry data type File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2678822560-3673682103-668471605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab (CUpdateAdvisorCtrl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18837B9E-14C3-4626-ABAA-05812D25A579}: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18837B9E-14C3-4626-ABAA-05812D25A579}: NameServer = 192.168.1.1,195.50.140.182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.1.1 195.50.140.182 195.50.140.114 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found MsConfig:64bit - StartUpFolder: C:^Users^Jatak81^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\PROGRA~2\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE - (TOSHIBA Europe) MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\ADOBE Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: CheckPoint Cleanup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosWaitSrv - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - D:\Programme\WinAmp\winampa.exe () MsConfig:64bit - StartUpReg: ZoneAlarm Client - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: vsmon - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - D:\Programme\AD-AWARE (Lavasoft) AntiSpyware Tool\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: vsmon - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.14 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Jatak81\Desktop\OTL [2012.01.24 12:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.16 09:53:16 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.16 09:53:16 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.16 09:46:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.16 09:44:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.16 09:44:45 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys [2012.02.15 22:42:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.11 21:46:26 | 000,076,511 | ---- | M] () -- C:\Users\Jatak81\Desktop\morrison_critical_insights.pdf [2012.02.10 15:47:39 | 000,095,203 | ---- | M] () -- C:\Users\Jatak81\Desktop\HARRIS--How You Sound.pdf [2012.02.08 19:59:48 | 002,161,367 | ---- | M] () -- C:\Users\Jatak81\Desktop\Bewerbung Krastev.zip [2012.02.03 22:34:18 | 000,104,626 | ---- | M] () -- C:\Users\Jatak81\Desktop\runner-up_essay_choi10.pdf [2012.01.24 19:07:17 | 000,067,827 | ---- | M] () -- C:\Users\Jatak81\Desktop\Immatrikulation(2).pdf [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.11 21:46:26 | 000,076,511 | ---- | C] () -- C:\Users\Jatak81\Desktop\morrison_critical_insights.pdf [2012.02.10 15:47:39 | 000,095,203 | ---- | C] () -- C:\Users\Jatak81\Desktop\HARRIS--How You Sound.pdf [2012.02.03 22:34:18 | 000,104,626 | ---- | C] () -- C:\Users\Jatak81\Desktop\runner-up_essay_choi10.pdf [2012.01.24 19:07:17 | 000,067,827 | ---- | C] () -- C:\Users\Jatak81\Desktop\Immatrikulation(2).pdf [2011.12.16 22:47:01 | 006,050,070 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\census.cache [2011.12.16 22:46:25 | 000,125,538 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\ars.cache [2011.12.16 22:33:30 | 000,000,036 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\housecall.guid.cache [2011.11.19 13:50:17 | 000,003,584 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.03 16:23:16 | 000,000,001 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\llftool.4.05.agreement [2011.05.17 21:27:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.10.15 23:14:41 | 000,007,668 | ---- | C] () -- C:\Users\Jatak81\AppData\Local\resmon.resmoncfg [2010.08.31 12:32:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.07.25 20:06:21 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2010.07.14 19:22:32 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini [2010.05.27 16:55:41 | 000,024,575 | ---- | C] () -- C:\Windows\SysWow64\Usengwinsyspios.dll [2010.05.27 15:20:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2009.08.27 08:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.27 08:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.27 08:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.27 08:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2009.01.05 13:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2003.02.04 07:22:30 | 000,181,312 | ---- | C] () -- C:\Windows\SysWow64\ScsiAccess.EXE [2000.09.08 14:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\SysWow64\KodakOneTouch.dll ========== LOP Check ========== [2010.09.27 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Acronis [2011.12.22 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ashampoo [2010.05.07 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ectaco [2011.09.10 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\FreeAudioPack [2010.01.27 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\LingvoSoft [2010.01.27 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\OpenOffice.org [2011.11.26 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\QuickScan [2010.01.19 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Toshiba [2011.06.29 10:00:45 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.11.18 13:27:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.09.27 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Acronis [2011.10.24 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Adobe [2010.07.27 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ahead [2011.12.22 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ashampoo [2011.10.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\dvdcss [2010.05.07 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Ectaco [2011.09.10 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\FreeAudioPack [2010.01.20 13:19:01 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Google [2010.01.19 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Identities [2010.01.27 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\LingvoSoft [2009.09.08 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Macromedia [2010.10.06 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Media Center Programs [2011.10.24 19:26:08 | 000,000,000 | --SD | M] -- C:\Users\Jatak81\AppData\Roaming\Microsoft [2011.08.23 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Mozilla [2010.01.27 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\OpenOffice.org [2011.11.26 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\QuickScan [2012.02.16 10:11:43 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Skype [2011.11.10 20:14:35 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Skype - Kopie [2010.01.19 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\Toshiba [2011.08.12 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Jatak81\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2009.08.05 17:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Jatak81\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B755D674 < End of report > |
|
16.02.2012, 12:45
| #21 |
| | von meinem WEB.DE Account werden Spam-Mails verschickt extras.txt Code:
ATTFilter OTL Extras logfile created on: 16.02.2012 09:58:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jatak81\Desktop\OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,84 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 59,49% Memory free
7,68 Gb Paging File | 6,07 Gb Available in Paging File | 79,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 189,99 Gb Free Space | 81,58% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 180,60 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Computer Name: JATAK_81 | User Name: Jatak81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbs [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2678822560-3673682103-668471605-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\FIREFOX Browser\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Programme\CEWE-Fotobuch\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\CEWE-Fotobuch\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- Reg Error: Key error.
batfile [print] -- Reg Error: Key error.
chm.file [open] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- Reg Error: Key error.
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- Reg Error: Key error.
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- Reg Error: Key error.
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- Reg Error: Key error.
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- Reg Error: Key error.
regfile [edit] -- Reg Error: Key error.
regfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [open] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [open] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.
Applications\iexplore.exe [open] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2104078-AAA5-449E-95DD-55C9443A1031}" = Nero 7 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C82185E8-C27B-4EF4-2010-2222BC2C2B6D}" = Microsoft MapPoint Europa 2010
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.2 (Evaluation)
"DateInTray" = DateInTray 1.6
"ESET Online Scanner" = ESET Online Scanner v3
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"Gaberoff Koral Free German Dictionary 1.0" = Gaberoff Koral Free German Dictionary 1.0
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 4.05
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IconCool Editor v4.0" = IconCool Editor v4.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LingvoSoft Dictionary German-Russian for Windows" = LingvoSoft Dictionary German-Russian for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Miranda IM" = Miranda IM 0.9.29
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"POP Peeper" = POP Peeper
"ReOrganize_is1" = ReOrganize!
"Revo Uninstaller" = Revo Uninstaller 1.91
"StrongDC++" = StrongDC++ 2.41
"The Treasures Of Montezuma" = The Treasures Of Montezuma
"The Treasures Of Montezuma 2" = The Treasures Of Montezuma 2
"tulox Freeware-Wörterbuch (Französisch)" = tulox Freeware-Wörterbuch (Französisch)
"VLC media player" = VLC media player 1.1.4
"Weather Watcher_is1" = Weather Watcher
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2012 14:56:21 | Computer Name = Jatak_81 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jatak81\Desktop\esetsmartinstaller_deu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 06.01.2012 14:56:31 | Computer Name = Jatak_81 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jatak81\Desktop\esetsmartinstaller_deu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 07.01.2012 10:32:11 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 07.01.2012 10:32:11 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -1032.
Error - 07.01.2012 10:32:54 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 07.01.2012 10:32:54 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -1032.
Error - 07.01.2012 10:33:11 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 07.01.2012 10:33:11 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -1032.
Error - 07.01.2012 10:33:41 | Computer Name = Jatak_81 | Source = ESENT | ID = 490
Description = Catalog Database (1072) Catalog Database: Versuch, Datei "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 07.01.2012 10:33:45 | Computer Name = Jatak_81 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -1032.
[ System Events ]
Error - 15.02.2012 07:43:41 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 15.02.2012 07:43:41 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 15.02.2012 07:43:41 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 15.02.2012 07:43:43 | Computer Name = Jatak_81 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 15.02.2012 07:45:16 | Computer Name = Jatak_81 | Source = DCOM | ID = 10005
Description =
Error - 15.02.2012 07:49:53 | Computer Name = Jatak_81 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 15.02.2012 09:15:28 | Computer Name = Jatak_81 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 15.02.2012 09:38:29 | Computer Name = Jatak_81 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 15.02.2012 09:44:23 | Computer Name = Jatak_81 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 16.02.2012 04:46:47 | Computer Name = Jatak_81 | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
|
|
16.02.2012, 13:58
| #22 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | von meinem WEB.DE Account werden Spam-Mails verschicktZitat:
Zitat:
Bitte umgehend deinstallieren, Windows danach neustarten und sicherstellen, dass die Windows-Firewall aktiv ist und keine gefährlichen "Löcher" (siehe Ausnahmeliste) hat. Hast du wikrlich so viele Firefox-Addons installiert wie ich im Log da sehe?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.02.2012, 15:11
| #23 | |||
| | von meinem WEB.DE Account werden Spam-Mails verschicktZitat:
Zitat:
 Zitat:
|
|
16.02.2012, 15:16
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | von meinem WEB.DE Account werden Spam-Mails verschickt Was ja? "ja" ist ist kein Grund für eine Trennung Was passiert denn wenn du C plattmachst und Windows darauf neuinstalliert? Glaubst du die Programme kannst du dann einfach so weiternutzen wir vorher? Nein geht nicht in fast allen Fällen Zitat:
Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei? personal firewalls ? Wiki ? ubuntuusers.de Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen... Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu von meinem WEB.DE Account werden Spam-Mails verschickt |
| account, adresse, adressen, andere, anderen, anwendungen, arbeit, bereit, comodo, emails, hängt, komische, online, punkt, screenshot, spam-mails, tagen, verschickt, versendet, web.de, überhaupt, zuhause |
Linear-Darstellung
