
Pests of all kinds and how to fight them: chatzum and safe searcher from softonic

19.09.2012, 16:35   #1
tocero
 
Hello,

Unfortunately I am also one of those who have picked up the ChatZum toolbar together with Safe Search from Softonic. In my case it came with the download of prtscr.
Originally Firefox and Internet Explorer (8) were affected. I uninstalled and reinstalled Firefox, and it is now at least free of ChatZum.
Internet Explorer is still affected. Since I have Windows 7, it can only be disabled, not uninstalled. Updating to Explorer 9 did not help.

I have already done the following: installed and ran mbam, installed and ran adaware, installed and ran adwcleaner.
ChatZum nevertheless still shows up in the list of programs.

OTL file:
Code:
 
OTL Extras logfile created on: 19.09.2012 17:27:30 - Run 4
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Users\stefan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 58,35% Memory free
7,60 Gb Paging File | 5,90 Gb Available in Paging File | 77,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,75 Gb Total Space | 206,45 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-TOSH | User Name: stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022E1362-89BF-4457-B012-F9605768E1F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{08E32037-3D4E-43CB-8C0D-6617BFAD0E28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{10319ED6-2E77-4F35-95D8-78C6487DC355}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1DC789E5-88F2-4571-A156-2F523B32CF98}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B4EEA92-3CED-4D7F-B581-6B21AFEF8A45}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DEA6D1A-FF84-4EE5-B2C4-465EE317CD07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80C96C02-CF7D-4FF9-A6EC-7E1D5215B17C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8437D449-ADF8-4696-A402-8072F30308DC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{941D5FE7-40DD-408B-A4BE-72F5FF18B8FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A198BA1D-2A9E-4DB8-85C0-078BC1C6C6D5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D55B83C7-DBB0-4583-B748-91C092FFC6AC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F506422D-E471-46CB-9CB0-79ED8958CE28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F6EDF4EC-5988-4760-B527-B368F431F1F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FAB5CEF7-ED24-401F-8809-5B74FC644131}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36E66C0F-5098-4796-A627-F82D74C56666}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4274D2A8-D36B-45F5-B06C-07EC829A34C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{59D79246-E2D3-4C8C-AFB1-B8970B4C970C}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{7D644967-8FBB-4FC0-9786-69ED6FBE848A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8047EE72-CEF1-4C94-9D22-6E9016F09245}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{861DF3F9-A407-48C1-8E01-24A71381BC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{AC526054-2EC7-4A00-819E-0BDFCB5E5DE1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{AFA4BCAA-1C00-441C-BCB5-2510B9C9AA9E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B1ACAA69-1145-48B7-98B3-5EE7F2CAAA6F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{C553A8DE-C15D-4AF3-95B7-D2956E72D925}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C96E8BA8-6AF4-4FF4-87E3-5B8A47EB1A54}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{CF12E2D9-054E-408C-B05D-F593CA99C6FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D41E2093-14FA-4AD0-A0F1-50973AF0A36F}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{E26802D9-4744-4B81-BA90-4C34705F9609}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{EED1AC25-131F-4F99-BCDB-4FE77272830B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F5B31909-5D3C-4777-B444-9E044FC01631}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"TCP Query User{220CF45C-F0AE-4828-BFA8-1E7A97870A07}C:\program files (x86)\adobe\golive cs_deu\golive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\golive cs_deu\golive.exe | 
"TCP Query User{33648EBC-C0CB-4079-B5C2-F64106D3AAC0}C:\users\stefan\appdata\local\temp\_istmp3.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp3.dir\_ins5576._mp | 
"TCP Query User{AAA0CED4-10D9-42C7-A5A7-2396FD2CF9C1}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{DA8FBE37-56DA-410F-89BD-3F33B103ADB9}C:\users\stefan\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{57459B19-4920-4CA3-9C08-9DC84ECCABB3}C:\program files (x86)\adobe\golive cs_deu\golive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\golive cs_deu\golive.exe | 
"UDP Query User{635BD085-C097-45DC-8B75-42618DE719E7}C:\users\stefan\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{87558213-A9F0-4CC8-8C4D-7164B9E658DA}C:\users\stefan\appdata\local\temp\_istmp3.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp3.dir\_ins5576._mp | 
"UDP Query User{F4BDCE2C-1E66-4EF6-A9F0-62246CEA84A1}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}" = Nitro PDF Reader 2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}" = TOSHIBA ConfigFree
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9e9c626b-bc7f-446d-bcb1-8753133d589f}" = Nero 9 Essentials
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B85727B8-7B0F-4B47-8CF4-70D23C87295A}" = Eudora
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe GoLive CS2 Deutsch" = Adobe GoLive CS2 Deutsch
"Adobe Illustrator 9.0.2" = Adobe Illustrator 9.0.2
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 2.0.2
"ChatZum Toolbar" = ChatZum Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.1.1 Home Edition
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA.Updatus" = NVIDIA Updatus
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xenu's Link Sleuth" = Xenu's Link Sleuth
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2012 15:24:41 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 22.08.2012 15:24:41 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
Error - 23.08.2012 01:51:18 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 23.08.2012 01:51:18 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
Error - 23.08.2012 11:24:44 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 23.08.2012 11:24:44 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
Error - 23.08.2012 13:46:02 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 23.08.2012 13:46:02 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
Error - 23.08.2012 15:24:42 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 23.08.2012 15:24:42 | Computer Name = stefan-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
[ System Events ]
Error - 19.06.2012 14:33:08 | Computer Name = stefan-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 30.06.2012 18:16:08 | Computer Name = stefan-TOSH | Source = DCOM | ID = 10010
Description = 
 
Error - 12.07.2012 03:23:52 | Computer Name = stefan-TOSH | Source = DCOM | ID = 10010
Description = 
 
Error - 12.07.2012 06:03:24 | Computer Name = stefan-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.07.2012 03:36:50 | Computer Name = stefan-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?07.?2012 um 16:53:45 unerwartet heruntergefahren.
 
Error - 22.07.2012 03:37:06 | Computer Name = stefan-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.07.2012 03:37:40 | Computer Name = stefan-TOSH | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Notebook Performance Tuning Service (TEMPRO) erreicht.
 
Error - 05.08.2012 04:43:49 | Computer Name = stefan-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?08.?2012 um 11:26:39 unerwartet heruntergefahren.
 
Error - 05.08.2012 04:44:04 | Computer Name = stefan-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 05.08.2012 04:44:38 | Computer Name = stefan-TOSH | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Notebook Performance Tuning Service (TEMPRO) erreicht.
 
 
< End of report >
         
I would be very grateful for help of any kind.

19.09.2012, 16:49   #2
markusg
/// Malware-holic
 
Hi,
otl.txt is missing.
Stay away from Softonic! Better to download directly from the vendor or, e.g., from chip.de.

19.09.2012, 16:56   #3
tocero
 
Yep, I now know that about Softonic too, belatedly. Unfortunately it was placed too temptingly on Google...

otl.txt:

OTL Logfile:
Code:
OTL logfile created on: 19.09.2012 17:27:30 - Run 4
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Users\stefan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 58,35% Memory free
7,60 Gb Paging File | 5,90 Gb Available in Paging File | 77,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,75 Gb Total Space | 206,45 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-TOSH | User Name: stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.18 20:00:57 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () -- C:\Users\stefan\AppData\LocalLow\WOT\IE\WOTUpdater.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2010.07.04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.05.05 07:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.03.09 01:23:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.02.22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.12.25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.21 11:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.10.21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\stefan\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.06.21 19:12:30 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.05.05 07:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.04.06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.02.25 13:07:14 | 000,196,464 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.02.23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010.10.01 07:15:22 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.07.15 09:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010.07.15 09:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.05.12 12:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 12:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.05.12 12:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.05.08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010.05.03 14:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.07 11:19:26 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.04.07 11:19:26 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.04.07 11:19:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.07.13 22:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.29 10:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.19 21:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.24 18:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010.07.15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010.07.15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{BAEA3748-400A-42B0-BE42-93DFE860EF04}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{9B353701-BE29-466F-A081-C6332A5573E6}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{65195299-6063-4F2D-89AC-4B98E12AED25}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{9B353701-BE29-466F-A081-C6332A5573E6}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{F16F3DA1-6596-4314-A4AC-B8ABC7703386}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora OSE 1.0\extensions\\Components: C:\Program Files (x86)\Eudora OSE\components [2011.07.08 19:05:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora OSE 1.0\extensions\\Plugins: C:\Program Files (x86)\Eudora OSE\plugins [2011.07.08 19:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 22:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.20 13:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.07.08 19:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions
[2011.07.08 19:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.18 23:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\qrkuslod.default\extensions
[2012.09.18 22:27:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\qrkuslod.default\extensions\support@lastpass.com
[2012.09.18 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox_alt\Profiles\8ekonxol.default\extensions
[2012.07.29 19:23:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox_alt\Profiles\8ekonxol.default\extensions\support@lastpass.com
[2012.04.18 16:43:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox_alt\Profiles\8ekonxol.default\extensions\wotstats@mywot.com
[2012.09.18 23:07:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\firefox\profiles\qrkuslod.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.18 22:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\stefan\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files (x86)\ChatZum Toolbar\tbunsq1EF4.tmp\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ChatZum Toolbar) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files (x86)\ChatZum Toolbar\tbunsq1EF4.tmp\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9935A45-0E92-4724-AA91-4C92A548D3B3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2FFEA6A-B985-408D-8B5B-04832E8B3D5F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.18 22:59:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.09.18 22:59:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012.09.18 22:59:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.09.18 22:59:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012.09.18 22:59:29 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012.09.18 22:59:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012.09.18 22:59:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012.09.18 22:59:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012.09.18 22:59:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012.09.18 22:59:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012.09.18 22:59:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012.09.18 22:59:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012.09.18 22:59:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012.09.18 22:59:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.09.18 22:59:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012.09.18 22:59:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.09.18 22:59:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012.09.18 22:59:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012.09.18 22:59:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012.09.18 22:59:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012.09.18 22:59:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012.09.18 22:59:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012.09.18 22:59:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.09.18 22:59:27 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012.09.18 22:59:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012.09.18 22:59:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012.09.18 22:59:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012.09.18 22:59:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.09.18 22:59:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012.09.18 22:59:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012.09.18 22:59:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012.09.18 22:59:25 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012.09.18 22:59:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012.09.18 22:59:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.09.18 22:59:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.09.18 22:59:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012.09.18 22:59:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.09.18 22:59:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012.09.18 22:59:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012.09.18 22:59:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012.09.18 22:59:24 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012.09.18 22:59:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012.09.18 22:59:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012.09.18 22:59:24 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012.09.18 22:59:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012.09.18 22:59:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012.09.18 22:59:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012.09.18 22:59:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012.09.18 22:59:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.09.18 22:59:23 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012.09.18 22:59:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012.09.18 22:59:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012.09.18 22:59:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012.09.18 22:59:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012.09.18 22:59:22 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012.09.18 22:59:22 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012.09.18 22:59:22 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012.09.18 22:59:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.09.18 22:59:22 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012.09.18 22:59:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012.09.18 22:59:22 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012.09.18 22:59:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012.09.18 22:59:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.09.18 22:59:21 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.09.18 22:59:21 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.09.18 22:59:21 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012.09.18 22:59:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012.09.18 22:59:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012.09.18 22:59:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.09.18 22:59:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012.09.18 22:57:43 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2012.09.18 22:57:43 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2012.09.18 22:57:43 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2012.09.18 22:57:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2012.09.18 22:57:42 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mf.dll
[2012.09.18 22:57:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2012.09.18 22:57:42 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll
[2012.09.18 22:57:42 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2012.09.18 22:57:42 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012.09.18 22:57:42 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2012.09.18 22:57:42 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012.09.18 22:57:42 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2012.09.18 22:57:42 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2012.09.18 22:57:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2012.09.18 22:57:42 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfps.dll
[2012.09.18 22:57:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2012.09.18 22:57:42 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2012.09.18 22:28:15 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\Macromedia
[2012.09.18 22:26:29 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.09.18 22:26:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.09.18 22:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.18 22:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.18 21:36:18 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Malwarebytes
[2012.09.18 21:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 21:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.18 21:23:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.18 21:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.18 21:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.09.18 21:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.09.18 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.09.18 20:12:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.18 20:00:55 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
[2012.09.18 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\adaware
[2012.09.18 19:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.09.18 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.09.18 19:58:15 | 000,060,536 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2012.09.18 19:58:14 | 000,057,976 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbredrv.sys
[2012.09.18 19:58:14 | 000,045,936 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2012.09.18 19:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.09.18 19:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.09.18 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Ad-Aware Antivirus
[2012.09.18 15:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrtScr
[2012.09.17 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Local\www.rene-zeidler.de
[2012.09.17 20:47:27 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\www.rene-zeidler.de
[2012.09.17 20:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\www.rene-zeidler.de
[2012.09.11 21:15:02 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\allTunes
[2012.09.11 15:19:54 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Audacity
[2012.09.11 15:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.09.09 21:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.09 21:52:58 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012.09.09 21:52:58 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012.09.09 21:52:47 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.30 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\stefan\Desktop\Stefan - FC Zell
[2012.08.26 20:02:08 | 000,000,000 | ---D | C] -- C:\Users\stefan\Desktop\iltis
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 16:58:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.09.19 08:14:53 | 000,000,000 | ---- | M] () -- C:\Users\stefan\defogger_reenable
[2012.09.18 23:13:37 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.18 22:59:29 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.09.18 22:59:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012.09.18 22:59:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.09.18 22:59:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012.09.18 22:59:29 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012.09.18 22:59:29 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012.09.18 22:59:29 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012.09.18 22:59:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012.09.18 22:59:29 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012.09.18 22:59:29 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012.09.18 22:59:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012.09.18 22:59:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012.09.18 22:59:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012.09.18 22:59:28 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.09.18 22:59:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012.09.18 22:59:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.09.18 22:59:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012.09.18 22:59:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012.09.18 22:59:28 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012.09.18 22:59:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012.09.18 22:59:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012.09.18 22:59:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012.09.18 22:59:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012.09.18 22:59:27 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.09.18 22:59:27 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012.09.18 22:59:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012.09.18 22:59:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012.09.18 22:59:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012.09.18 22:59:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.09.18 22:59:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012.09.18 22:59:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012.09.18 22:59:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012.09.18 22:59:25 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012.09.18 22:59:25 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012.09.18 22:59:24 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.09.18 22:59:24 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.09.18 22:59:24 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012.09.18 22:59:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.09.18 22:59:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012.09.18 22:59:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012.09.18 22:59:24 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012.09.18 22:59:24 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012.09.18 22:59:24 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012.09.18 22:59:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012.09.18 22:59:24 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012.09.18 22:59:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012.09.18 22:59:24 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012.09.18 22:59:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012.09.18 22:59:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012.09.18 22:59:23 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012.09.18 22:59:23 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.09.18 22:59:23 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012.09.18 22:59:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012.09.18 22:59:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012.09.18 22:59:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012.09.18 22:59:22 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012.09.18 22:59:22 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012.09.18 22:59:22 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012.09.18 22:59:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.09.18 22:59:22 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012.09.18 22:59:22 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012.09.18 22:59:22 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012.09.18 22:59:22 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012.09.18 22:59:22 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012.09.18 22:59:21 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.09.18 22:59:21 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.09.18 22:59:21 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.09.18 22:59:21 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012.09.18 22:59:21 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012.09.18 22:59:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012.09.18 22:59:21 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.09.18 22:59:21 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012.09.18 22:57:43 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2012.09.18 22:57:43 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2012.09.18 22:57:43 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2012.09.18 22:57:43 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2012.09.18 22:57:42 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mf.dll
[2012.09.18 22:57:42 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2012.09.18 22:57:42 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll
[2012.09.18 22:57:42 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2012.09.18 22:57:42 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012.09.18 22:57:42 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2012.09.18 22:57:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012.09.18 22:57:42 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2012.09.18 22:57:42 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2012.09.18 22:57:42 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2012.09.18 22:57:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mfps.dll
[2012.09.18 22:57:42 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2012.09.18 22:57:42 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2012.09.18 22:26:29 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.09.18 22:26:29 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.18 22:19:06 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.18 22:07:22 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 22:07:22 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 20:00:57 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\stefan\Desktop\OTL.exe
[2012.09.18 16:34:07 | 001,472,002 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.18 16:34:07 | 000,643,866 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.18 16:34:07 | 000,607,190 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.18 16:34:07 | 000,126,394 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.18 16:34:07 | 000,103,568 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.17 22:08:48 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.09.17 19:36:19 | 000,000,432 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012.09.09 21:52:37 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.09 21:52:35 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012.09.09 21:52:35 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012.09.09 21:52:35 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012.09.09 21:52:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012.09.09 21:52:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.08.31 17:35:15 | 000,065,643 | ---- | M] () -- C:\Users\stefan\Desktop\NEWS_MESSAGE_783_1346427302190071000.pdf
 
========== Files Created - No Company Name ==========
 
[2012.09.19 08:14:53 | 000,000,000 | ---- | C] () -- C:\Users\stefan\defogger_reenable
[2012.09.18 22:59:28 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012.09.18 22:59:22 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012.09.18 22:19:06 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.18 22:19:06 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.17 22:08:48 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.09.11 15:19:38 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.08.31 17:35:13 | 000,065,643 | ---- | C] () -- C:\Users\stefan\Desktop\NEWS_MESSAGE_783_1346427302190071000.pdf
[2012.01.08 22:13:29 | 000,015,428 | ---- | C] () -- C:\Users\stefan\RefEdit.exd
[2011.08.21 16:43:09 | 000,021,970 | ---- | C] () -- C:\Users\stefan\geburtsurkunde_frederik.psd
[2011.07.17 10:33:18 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.07.16 18:07:52 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.07.16 18:07:52 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7025.DAT
[2011.03.13 19:06:11 | 002,336,384 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2011.03.13 19:06:11 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2011.03.13 19:06:11 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2011.03.13 19:06:11 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2011.03.13 19:06:11 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2011.03.12 16:07:41 | 000,210,944 | ---- | C] () -- C:\windows\SysWow64\Msvcrt10.dll
[2011.03.10 19:31:23 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2011.03.10 19:22:54 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010.10.01 07:43:12 | 000,001,959 | ---- | C] () -- C:\Users\stefan\Manual.lnk
[2010.10.01 07:30:26 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.09.18 20:37:29 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Ad-Aware Antivirus
[2012.09.11 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\allTunes
[2011.07.11 19:17:52 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Amazon
[2012.09.17 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Audacity
[2012.05.13 10:44:05 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.25 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.16 20:57:35 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Downloaded Installations
[2011.08.18 20:16:34 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\FRITZ!
[2011.08.18 20:10:35 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.08.11 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\IrfanView
[2012.07.13 10:14:51 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Nitro PDF
[2011.07.08 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Qualcomm
[2011.07.11 19:37:47 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Samsung
[2011.07.17 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\SoftGrid Client
[2011.07.08 19:05:50 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Thunderbird
[2011.03.09 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Toshiba
[2011.07.17 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\TP
[2011.03.09 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinBatch
[2012.09.17 20:47:27 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\www.rene-zeidler.de
[2009.07.14 07:08:49 | 000,023,562 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Old 20.09.2012, 15:16   #4
markusg
/// Malware-holic
 



Open Malwarebytes, go to the logs (Berichte) tab, and post the logs that contain detections.

Download CCleaner Standard:
CCleaner Download - CCleaner 3.22.1800
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools (Extras), list of installed programs, save it as a txt file. Open the file.
After each program you need, write "necessary".
After each one you do not need, write "unnecessary".
After each one you do not recognize, write "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us
