Log analysis and evaluation: Trojan.Maljava - Infection
Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
15.11.2012, 17:45 | #1 |
Trojan.Maljava - Infection

Hello,

Recently my virus scanner (Norton 360) found the Trojan Trojan.Maljava twice after a full scan. Norton then put the Trojan(s) into quarantine. When you click on the details, it says that the files were deleted. However, I am not sure whether everything is really clean now, because something like this also happened to me a few years ago, but the PC still seemed to be infected. So I would be very grateful if you could perhaps take a look at the logs. I would like to change my passwords without taking another risk. ^^

Here are the logs:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: TOSH123 [Administrator]

15.11.2012 17:12:51
mbam-log-2012-11-15 (17-12-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270393
Laufzeit: 3 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

If you need any further information, I would be glad to provide it.

Regards

Edit: I made a small mistake with the OTL log and therefore have to scan again. The results will follow.

Since I can no longer edit the post, here are the other two logs:

OTL.Txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.11.2012 18:50:48 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 56,39% Memory free 11,99 Gb Paging File | 9,11 Gb Available in Paging File | 75,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,73 Gb Total Space | 118,07 Gb Free Space | 50,73% Space Free | Partition Type: NTFS Drive D: | 232,64 Gb Total Space | 182,58 Gb Free Space | 78,48% Space Free | Partition Type: NTFS Computer Name: TOSH123 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) PRC - C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Plantronics\GameCom780\GameCom780.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4f6f91ae9ca4f02c6a2083e617272935\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\083743887fa1ba3dfd4f0eb24ece8f4a\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6c7220ad98939122378c63ae47b8dc79\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d132fe6c8f229528089a5084824567a9\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\ecc3a90b9f37eef16697078780e54544\Accessibility.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33a04e96b79ad7d5f9f73990d78cc6d7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Programme\Plantronics\GameCom780\VMixPLGC.dll () MOD - C:\Programme\Plantronics\GameCom780\GameCom780.exe () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe () MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common 
Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation) SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) 
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys (Symantec Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (PlantronicsGC) -- C:\Windows\SysNative\drivers\PLTGC.sys (C-Media Electronics Inc) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd) 
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex) DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG) DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121114.008\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121114.008\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121114.001\IDSviA64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (Null) -- C:\Windows\SysWow64\NULL () DRV - (speedfan) -- SysWOW64\speedfan.sys (Almico Software) DRV - 
(WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {16AC41CA-2216-4DF7-90A9-F9A9552CACB7} IE:64bit: - HKLM\..\SearchScopes\{16AC41CA-2216-4DF7-90A9-F9A9552CACB7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B35AF1AD-D413-4B59-91A0-D786D8A69E4A} IE - HKLM\..\SearchScopes\{B35AF1AD-D413-4B59-91A0-D786D8A69E4A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - 
HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes,DefaultScope = {B35AF1AD-D413-4B59-91A0-D786D8A69E4A} IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{3837B8AE-2BC7-4673-BC8E-40FECC1AE8F9}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{9AB4D5C1-8229-45BD-BD24-EE406E97D5F1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=e033a78d-3767-44b7-9254-7fa687202a51&apn_sauid=BC10926E-E19B-4ED4-A8C7-C088817E9A0E IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{E9E0C626-18F1-4810-8FA7-78EAD1605D37}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - 
prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.5.7.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.05.20 18:54:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.09.17 22:32:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.15 09:42:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:09:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 06:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.10.23 19:37:53 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rfastspu.default\extensions [2012.09.23 22:49:24 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.19 01:04:14 | 000,002,402 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\searchplugins\askcom.xml [2012.11.11 20:36:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\searchplugins\icqplugin-1.xml [2012.03.17 18:34:53 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\searchplugins\icqplugin.xml [2012.10.27 21:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.15 09:42:51 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\COFFPLGN [2012.09.17 22:32:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPLGN [2012.10.27 21:09:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 14:24:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 18:37:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 14:24:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 14:24:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 14:24:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 14:24:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) 
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe () O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{459AF30A-A07C-46E6-8C65-47F88C88AD10}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963CF84D-9ECD-4382-A868-0DDE606D042D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963CF84D-9ECD-4382-A868-0DDE606D042D}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000 Winlogon: Shell - (expstart.exe) - expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{635ee9fc-2715-11e0-a451-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{635ee9fc-2715-11e0-a451-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.15 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.15 17:07:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.15 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.15 16:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.15 16:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.15 16:31:55 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.07 18:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.11.07 18:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.11.06 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Razer
[2012.11.03 02:09:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.11.03 01:42:34 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.11.03 01:42:34 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.11.02 22:25:53 | 000,000,000 | ---D | C] -- C:\Temp
[2012.10.29 03:19:02 | 000,148,480 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012.10.29 03:18:58 | 000,617,472 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012.10.29 03:18:56 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012.10.29 00:15:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.29 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2012.10.29 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2012.10.29 00:14:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2012.10.28 22:51:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012.10.28 22:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.10.28 22:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.10.28 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info
[2012.10.27 21:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\***\4tune_-_Battlepaket_Teil_1
[2012.10.25 03:18:26 | 000,113,664 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012.10.23 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mathe 2
[2012.10.23 20:37:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mathe 1
[2012.10.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Curse
[2012.10.22 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.10.21 18:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.10.20 02:04:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.10.20 02:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.15 18:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 18:36:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 18:36:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 17:08:29 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 16:44:05 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.15 09:52:54 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 09:52:54 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 09:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 09:42:10 | 532,856,831 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 18:01:18 | 000,000,351 | ---- | M] () -- C:\Users\***\Documents\Hawk Diss.rtf
[2012.11.08 18:41:24 | 000,000,498 | ---- | M] () -- C:\Users\***\Documents\2.0.rtf
[2012.11.08 18:40:48 | 000,000,715 | ---- | M] () -- C:\Users\***\Documents\Zeilen.rtf
[2012.11.07 18:45:45 | 000,324,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.07 18:33:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf
[2012.11.06 16:58:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012.11.06 05:40:40 | 001,802,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.06 05:40:40 | 000,772,710 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.06 05:40:40 | 000,715,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.06 05:40:40 | 000,174,802 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.06 05:40:40 | 000,142,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.05 20:46:25 | 000,000,484 | ---- | M] () -- C:\Users\***\Documents\Chillstep.rtf
[2012.10.31 18:57:21 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.31 00:22:28 | 000,000,625 | ---- | M] () -- C:\Users\***\Documents\wejoispg.rtf
[2012.10.29 03:19:02 | 000,148,480 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012.10.29 03:18:58 | 000,617,472 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012.10.29 03:18:56 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012.10.28 22:45:14 | 001,780,860 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.27 00:03:32 | 001,781,409 | ---- | M] () -- C:\Users\***\Documents\Double half face.png
[2012.10.25 03:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012.10.21 02:29:24 | 000,000,601 | ---- | M] () -- C:\Users\***\Documents\Wörter 2.rtf
[2012.10.21 02:29:16 | 000,000,194 | ---- | M] () -- C:\Users\***\Documents\Wörter.rtf
[2012.10.20 02:02:41 | 000,001,014 | ---- | M] () -- C:\Users\***\Desktop\Audacity.lnk
[2012.10.20 00:37:22 | 000,001,206 | ---- | M] () -- C:\Users\***\Text Raptext.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.15 17:07:32 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 16:44:05 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.13 18:01:18 | 000,000,351 | ---- | C] () -- C:\Users\***\Documents\Hawk Diss.rtf
[2012.11.08 18:41:24 | 000,000,498 | ---- | C] () -- C:\Users\***\Documents\2.0.rtf
[2012.11.08 18:40:48 | 000,000,715 | ---- | C] () -- C:\Users\***\Documents\Zeilen.rtf
[2012.11.07 18:33:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf
[2012.11.06 16:58:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012.11.04 02:56:48 | 000,000,484 | ---- | C] () -- C:\Users\***\Documents\Chillstep.rtf
[2012.10.31 18:57:21 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.31 00:22:28 | 000,000,625 | ---- | C] () -- C:\Users\***\Documents\wejoispg.rtf
[2012.10.27 00:03:31 | 001,781,409 | ---- | C] () -- C:\Users\***\Documents\Double half face.png
[2012.10.21 02:29:24 | 000,000,601 | ---- | C] () -- C:\Users\***\Documents\Wörter 2.rtf
[2012.10.21 02:29:16 | 000,000,194 | ---- | C] () -- C:\Users\***\Documents\Wörter.rtf
[2012.10.20 02:02:40 | 000,001,014 | ---- | C] () -- C:\Users\***\Desktop\Audacity.lnk
[2012.10.20 02:02:37 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.10.20 00:37:22 | 000,001,206 | ---- | C] () -- C:\Users\***\Text Raptext.rtf
[2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.26 12:51:27 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2012.09.26 12:51:09 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2012.09.26 12:51:09 | 000,000,432 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2012.09.25 02:19:00 | 000,000,858 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.07.25 20:15:29 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.07.25 19:05:17 | 000,062,736 | R--- | C] () -- C:\Users\***\diablo_3.zip
[2012.07.21 14:09:04 | 000,507,336 | ---- | C] () -- C:\Windows\SysWow64\setup.exe
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.17 13:25:16 | 001,780,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.26 20:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.28 23:25:00 | 000,266,752 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.28 23:24:01 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.23 21:27:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.23 21:27:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.01.23 18:54:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.01.23 18:40:10 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.01.23 18:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.05.29 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Teeworlds
[2011.05.29 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Toshiba
[2011.05.24 16:19:51 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2012.10.20 12:04:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.06.30 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex
[2012.07.05 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2012.11.15 09:45:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.04.12 21:45:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.06.06 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.28 13:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2012.06.19 01:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeHideIP
[2012.06.01 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.02 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.07.25 17:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.12.27 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.05.25 12:24:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient2
[2011.05.29 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.03 21:04:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2012.11.03 23:58:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.06 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-updater
[2012.07.06 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-zsync
[2012.09.29 12:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2011.05.21 10:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2012.07.12 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2011.06.23 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2012.08.14 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10
[2011.05.20 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2012.02.05 11:49:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.05.23 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2011.07.03 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Teeworlds
[2011.07.03 15:26:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Toshiba

========== Purity Check ==========

< End of report >

Extras.Txt

OTL Logfile:
Code:
OTL Extras logfile created on: 15.11.2012 18:50:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 56,39% Memory free
11,99 Gb Paging File | 9,11 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,73 Gb Total Space | 118,07 Gb Free Space | 50,73% Space Free | Partition Type: NTFS
Drive D: | 232,64 Gb Total Space | 182,58 Gb Free Space | 78,48% Space Free | Partition Type: NTFS

Computer Name: TOSH123 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09FF1053-FAF6-487E-A700-4869C655644B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{118AEAD3-D813-4DCD-B16C-0EB6C6A190F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E08FFA4-E8F5-48D9-9B57-CC810E54E9EB}" = rport=137 | protocol=17 | dir=out | app=system | "{2047E809-8BF7-49E4-B08B-2FCD8566386C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21374643-E1B7-4BE9-92D0-CB7255FC6CE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{27D87AA0-48AE-4AF9-A4B1-7011A2D11733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{287279B2-B1A7-4332-9802-6159A833B7BF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2900D95A-006A-4D05-B042-F74A6AB35304}" = lport=2869 | protocol=6 | dir=in | app=system | "{3734584A-1474-438E-990C-C819542F7B63}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{382AF8B4-EDA7-41C0-9BC8-4A8DA21175DE}" = lport=139 | protocol=6 | dir=in | app=system | "{3A0DF544-F01D-42F0-8DF7-492B85976D25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B3EB1B5-3CBF-4EA8-A6C4-48ACAE52EA74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BA04662-0AB5-4D6A-8FCA-7F0F06D98225}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{50935B2E-D6ED-44F5-AA4B-E6C741CBA644}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5A3B1C42-A07F-474A-A9B5-69FA9C9A2497}" = lport=138 | protocol=17 | dir=in | app=system | "{5D96D458-FB38-44AC-90FC-A10CA6FB9593}" = lport=3702 | protocol=17 | dir=in | 
svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{626AACA8-6138-4A0F-BDDF-A9A9B7E13A5C}" = rport=139 | protocol=6 | dir=out | app=system | "{639913A6-8910-46F7-8FFD-039B92EC25D6}" = rport=445 | protocol=6 | dir=out | app=system | "{6817D3C4-F149-44AA-94C4-CE938BFFCB7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84A854B5-86D1-462B-812D-A0C1D4EDBCA6}" = lport=445 | protocol=6 | dir=in | app=system | "{89F6CD0C-7704-4F4F-B26F-C883FFBE3ECF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9F354B65-ED6A-4ED5-9C18-C06A83DAB9C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9F992736-36BC-457C-9D2A-03209263EB3E}" = lport=137 | protocol=17 | dir=in | app=system | "{A5B3BE83-43AE-4C2A-9CA1-FFCB12501B86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC75A1DD-9187-4F23-BCF9-A36F27D574F0}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | "{AE57CCD1-D6FF-4D39-8EC5-D699853BBC41}" = rport=10243 | protocol=6 | dir=out | app=system | "{B0A492DE-2E32-45BC-91EF-F4779E79CD47}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B62B0212-70F1-4E04-9F0F-D8EC3AEEA7AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C423930B-DA89-48A8-BDA4-BBEB56F99815}" = rport=138 | protocol=17 | dir=out | app=system | "{CD649C2A-E97A-465D-8C21-FC699A19E3BB}" = lport=10243 | protocol=6 | dir=in | app=system | "{CE593701-4AD9-472D-9063-2C13315ECB42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D24239B0-DE81-4986-86D2-BDAD5659D5CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D85495F2-8853-44EA-A9E8-A9FF82252CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{DB4E409C-E2E2-46A7-8ED1-6DAA23138440}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0441D3FE-A8B6-48D4-A717-2C127FD7F05A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{060714DE-244F-4852-A837-6048B7AD3555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{078FA9A9-8413-4B01-8E60-728F7FE05745}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{09CEAD91-5482-40B2-9095-14096D3B2D88}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{0A2432AE-CC45-4AE5-91F7-BA030EFFB176}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0BB205A3-4648-440E-B17B-AA63ED16D053}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{0BE0D12F-A459-40C0-8B0E-9F45A4DF5B2A}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{0C55E6D1-6416-4F06-A1CC-943933A7FC5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{0CDB8C1F-9341-4EDB-8580-8DE22C7D0396}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0D389E43-4A07-4BF2-A37B-50E1145EA031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0EFE0478-2830-4314-8CA3-07F12688EF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{169E524F-68D3-43ED-AAB5-5B86F325ACC4}" = protocol=6 | dir=out | app=system | "{197EFC26-C4AD-4B1D-B00A-E90F2A70BD56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{20310882-67E5-446D-A499-F3EF1BF7D775}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{210EF0E0-630D-4522-B435-7B9B2B4F74D8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{22728355-91A3-45B1-9DA9-7C7FA7F111A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{2BC2FB64-BF1A-4DF4-8C70-5A2D5B846748}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{357D51F0-BC95-4DC8-B22C-A6432B388D08}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{370522EF-5A0C-4ADE-92EC-5A7BB4154A10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{39401F21-56CC-4B83-9A84-CE23096B70AB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3D9044C4-6082-4D22-AE35-D6B24D8F153B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{3DD96AA9-5EBE-4648-B5BB-BF551F4B0CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{3E0E3B7D-EA84-42FD-82C9-E9F004C7977A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3F3147B1-7C8A-41BD-AC4E-B698C9FB5ABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41E73F6A-B9C8-4E00-B0D1-4DB16155D061}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{4280680D-5D9F-458C-A65D-900397F8A42A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{43BA76AC-5D84-42FE-A670-CB8795CC361C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{44BFA79C-BF4D-441F-ADE9-DA54E9243636}" = protocol=17 | dir=in | app=%programfiles%\windows 
media player\wmpnetwk.exe | "{45F91E21-DFBD-400C-A53F-2A76C6963E5D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4B50E700-2FD7-4585-B058-C9EC0CFEC656}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{50F0B485-93EE-42DA-BDB2-2DDE401A368F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{50FA4C5A-6588-42C3-BA17-54C16885F057}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{57126AF8-65EB-40EA-A2C2-1453F23F51A5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{5B4A919C-D10F-4B42-9266-3A23204963F9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5F10234C-8FBA-4D04-B27D-41490AD94AB8}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{6463A93E-EAD2-4552-A681-3054FC58683C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{684624C8-2A3F-48BE-9D44-FA5E11A7AC99}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{72C15B4C-EB7F-4845-914A-7F3B55220099}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{78BF2E36-3655-4ED6-89C9-CF03FBE6849C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{85DA6223-22AA-4AFA-89F4-5F43C5F2BA45}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{876E217A-44A9-40C4-AF18-E8E6FFD4C7B3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{8A2A3E9A-AF26-4F71-85D1-DE8B6E3ABC00}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{8B414A8A-78AA-4212-9D11-22F5C09ED962}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{9088D857-C848-4650-88CE-5F1047AAD0A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9A24BDC7-995E-4F25-8381-2B115B4223FD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{ACC1EC85-4793-4F57-BE84-D66AC3887FD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF168823-1909-4970-9C67-1BEFAB62AB60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B8A55767-11AF-4101-AA10-00EA24CD7720}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{BA8A01A3-BFAE-4A2A-9EDC-14CE1097690C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BC7D06CD-02FC-4E57-9E0C-1512FF257C41}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BEDEBD35-40B2-4566-87A9-4595D6F174A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{C8EBEEB2-6DBB-4D7E-A193-9471BF35CDFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CB380EA5-BAFB-4486-9D09-D86EA70B09E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CBD60ED3-C6DF-4AAB-9096-595292B7CBA1}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{CCADDE70-3659-49F1-8FE4-263466DE09EA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CED1F4A4-41D7-4C60-AA5A-3B2A78693175}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D0979B06-125B-412B-8279-935C00C17FC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D25C7D30-BD18-4800-A6E1-C724A33F83F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{D8DA9A03-ECC9-42D1-868C-71737CB36F37}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DCC77A6E-9E27-41CE-928D-E6ACD9B9F43E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{DCDBA3DE-7C4C-43E5-82C5-CED8C97CF8AA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{E15E8923-09E9-4872-8C14-AE6CCD0170FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E34396F2-11B1-4284-A03A-3D58AC732F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{E4612DE6-F271-4B64-A411-4B38372430F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{E68B66FE-873A-4336-BCC8-18564B2D7A17}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{E744FBFD-3B90-4ECA-8309-BA8F2A533D3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E83CADE8-8B4C-4C6B-B8E2-0F3007118125}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E8889F38-1C20-4FA9-8389-123E12D58056}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{EEFD8A19-1CBB-4DF6-B348-24FE728E09C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{F09B2300-F4BE-4E2F-AB68-5B184AE03F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{F4058DB7-887E-43F3-985C-A81DC949B154}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{30EDAA78-1816-4ECF-A3C9-475D9ADA9954}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "TCP Query User{F37A9193-CA4F-4048-A3E2-E46F85B6776E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query 
User{86E859AD-89C2-40B2-BAF5-0698E66B7CE4}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "UDP Query User{A65508BF-9C01-471E-86F4-CAEF49B5B07D}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0857F88E-C72B-B4C4-6019-5A6D2050229C}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders "{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{A762DDE6-D6AC-ECDC-DFBE-E35A0FCFB0AD}" = AMD Fuel "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver 
"TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese "{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish "{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard "{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" 
= CCC Help Spanish "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish "{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech "{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai "{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian "{496CD607-9E63-4809-8C10-3EDD85AF7FC3}" = S4 League_EU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center 
Localization All "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D4B4AB4-C554-66E3-1214-5C109C504220}" = Catalyst Control Center InstallProxy "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-135C "{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = AMD VISION 
Engine Control Center "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9D98127-FC22-6734-079B-F68E15BDCC8F}" = Application Profiles "{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO "{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German 
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding "{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "Audacity_is1" = Audacity 2.0.2 "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Diablo III" = Diablo III "EADM" = EA Download Manager "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "FileZilla Client" = FileZilla Client 3.5.3 "Fraps" = Fraps "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "Guild Wars 2" = Guild Wars 2 
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NCLauncher_GameForge" = NC Launcher (GameForge) "OpenAL" = OpenAL "RocketDock_is1" = RocketDock 1.3.5 "SpeedFan" = SpeedFan (remove only) "StarCraft II" = StarCraft II "Steam App 15700" = Oddworld: Abe's Oddysee "Steam App 15710" = Oddworld: Abe's Exoddus "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "TIPP10_is1" = TIPP10 Version 2.1.0 "TmNationsForever_is1" = TmNationsForever "TOSHIBA Game Console" = WildTangent ORB Game Console "VLC media player" = VLC media player 1.1.11 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "WT088682" = Bejeweled 2 Deluxe "WT088696" = Chuzzle Deluxe "WT088759" = Polar Bowler "WT089367" = Farm Mania 2 "WT089378" = Jewel Quest II "WT089380" = Penguins! "WT089381" = Slingo Supreme "WT089388" = Zuma Deluxe "WT089395" = Plants vs. 
Zombies - Game of the Year "WT089404" = Fishdom ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.11.2012 13:04:14 | Computer Name = TOSH123 | Source = Windows Search Service | ID = 3058 Description = Error - 07.11.2012 13:04:14 | Computer Name = TOSH123 | Source = Windows Search Service | ID = 7010 Description = Error - 08.11.2012 09:00:41 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 08.11.2012 13:41:43 | Computer Name = TOSH123 | Source = Application Hang | ID = 1002 Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1c68 Startzeit: 01cdbdd5dd0bc4f1 Endzeit: 5 Anwendungspfad: D:\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.220\deploy\LolClient.exe Berichts-ID: 871048ce-29cb-11e2-ba55-00266ca7fdce Error - 09.11.2012 09:54:12 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 09.11.2012 11:46:57 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 12.11.2012 16:07:45 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 12.11.2012 17:27:02 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 13.11.2012 12:53:30 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 14.11.2012 16:21:30 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = [ System Events ] Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. 
Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. Error - 13.11.2012 17:25:46 | Computer Name = TOSH123 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus. Error - 14.11.2012 10:13:06 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.11.2012 04:42:38 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.11.2012 04:46:49 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MMCSS erreicht. < End of report > Last edited by Tenerok (15.11.2012 at 18:02) |
17.11.2012, 02:06 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside of Trojaner-Board. Quote:
Such information is not sufficient; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520
__________________ |
17.11.2012, 03:45 | #3 |
| Trojan.Maljava - Infection Hello cosinus,
First of all, thank you for taking the time for my problem. Since I was not entirely sure how long it might take to get an answer, I had taken a few things into my own hands: Since I had several versions of Java on my computer, I had deleted the older versions and installed the newest one. I had also deleted Java's temporary files. The same goes for two games that I no longer play. I know better now and will follow the steps in future. Here is the log from Norton: Code:
ATTFilter Kategorie:Scan - Ergebnisse Datum/Uhrzeit,Risiko,Aktivität,Status,Scandauer (T:S:M:S),Insgesamt gescannte Elemente,Dateien und Verzeichnisse,Registrierungseinträge,Prozesse und Elemente beim Start,Netzwerk- und Browserelemente,Andere,Vertrauenswürdige Dateien,Übersprungene Dateien,Insgesamt erkannte Sicherheitsrisiken,Insgesamt behobene Sicherheitsrisiken,"Sicherkeitsrisiken insgesamt, die ein Eingreifen erfordern",Virus,Tracking Cookies,Virus behoben,Tracking Cookies behoben 15.11.2012 16:03:37,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:05:40,12.286,3.856,741,7.027,655,7,1.537,0,0,0,0,,,, 14.11.2012 21:24:12,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:06:48,12.416,3.841,741,7.173,654,7,1.533,0,0,0,0,,,, 13.11.2012 17:52:01,Infos,Vollständiger Systemscan - Ergebnisse,Abgeschlossen,0:01:20:04,615.952,607.181,741,7.289,734,7,13.498,22.568,3,3,0,2,1,2,1 11.11.2012 15:17:34,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:04:04,12.263,3.854,741,7.003,658,7,1.531,0,0,0,0,,,, 13.11.2012 20:46:33,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:05:56,11.821,3.822,741,6.604,647,7,1.503,0,0,0,0,,,, 11.11.2012 20:38:27,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:03:41,11.804,3.767,741,6.553,736,7,1.518,120,1,1,0,,1,,1 10.11.2012 14:30:44,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:03:41,11.208,3.687,741,6.063,710,7,1.451,0,1,1,0,,1,,1 15.11.2012 21:06:21,Infos,Vollständiger Systemscan - Ergebnisse,Abgeschlossen,0:01:12:24,546.340,538.074,747,6.800,712,7,13.354,22.843,0,0,0,,,, 15.11.2012 19:21:33,Infos,Quick Scan - Ergebnisse,Abgeschlossen,0:00:03:15,12.279,3.869,747,6.928,728,7,1.553,185,1,1,0,,1,,1 Kategorie:Behobene Sicherheitsrisiken Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 13.11.2012 17:20:47,Hoch,Trojan.Maljava erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d 13.11.2012 17:20:47,Hoch,Trojan.Maljava erkannt 
von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d 13.11.2012 16:35:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 11.11.2012 20:38:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.11.2012 14:30:44,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.11.2012 19:21:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, Kategorie:Quarantäne Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 13.11.2012 17:20:47,Hoch,Trojan.Maljava erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d 13.11.2012 17:20:47,Hoch,Trojan.Maljava erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d Kategorie:Firewall - Netzwerk und Verbindungen Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Physische Gateway-Adresse,Subnetz-Identifikation,Gateway-IP-Adresse 15.11.2012 22:57:28,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Software Loopback Interface 1\" (IP-Adresse: 127.0.0.1) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 15.11.2012 22:57:28,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Software Loopback Interface 1\" (IP-Adresse: ::1) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 15.11.2012 22:58:14,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC\" (IP-Adresse: 192.168.2.100) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 15.11.2012 
22:58:14,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC\" (IP-Adresse: fe80::982c:10bc:9bb1:696b%12) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 15.11.2012 22:58:21,Infos,Sie haben eine Verbindung mit einem geschützten Netzwerk hergestellt. (74 31 70 F0 01 EC),Geschützt,Keine Aktion erforderlich,,74 31 70 F0 01 EC,, 15.11.2012 22:58:21,Infos,Sie haben eine Verbindung mit einem geschützten Netzwerk hergestellt. (127.0.0.0/255.0.0.0),Geschützt,Keine Aktion erforderlich,,,127.0.0.0/255.0.0.0, 15.11.2012 22:58:33,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Teredo Tunneling Pseudo-Interface\" (IP-Adresse: 2001::5ef5:79fb:3ce3:10e4:b003:3bfd) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 15.11.2012 22:58:33,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Teredo Tunneling Pseudo-Interface\" (IP-Adresse: fe80::3ce3:10e4:b003:3bfd%19) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 16.11.2012 12:41:40,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Software Loopback Interface 1\" (IP-Adresse: 127.0.0.1) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 16.11.2012 12:41:40,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Software Loopback Interface 1\" (IP-Adresse: ::1) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 16.11.2012 12:42:07,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC\" (IP-Adresse: 192.168.2.100) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 16.11.2012 12:42:07,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC\" 
(IP-Adresse: fe80::982c:10bc:9bb1:696b%12) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 16.11.2012 12:42:23,Infos,Sie haben eine Verbindung mit einem geschützten Netzwerk hergestellt. (74 31 70 F0 01 EC),Geschützt,Keine Aktion erforderlich,,74 31 70 F0 01 EC,, 16.11.2012 12:42:25,Infos,Sie haben eine Verbindung mit einem geschützten Netzwerk hergestellt. (127.0.0.0/255.0.0.0),Geschützt,Keine Aktion erforderlich,,,127.0.0.0/255.0.0.0, 16.11.2012 12:42:25,Infos,Sie haben eine Verbindung mit einem geschützten Netzwerk hergestellt. (::0),Geschützt,Keine Aktion erforderlich,,,,::0 16.11.2012 12:42:26,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Teredo Tunneling Pseudo-Interface\" (IP-Adresse: 2001::5ef5:73b8:cd3:2973:3f57:fd9b) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, 16.11.2012 12:42:26,Infos,"Die Verbindung mit einem neu erkannten Netzwerk an Adapter \"Teredo Tunneling Pseudo-Interface\" (IP-Adresse: fe80::cd3:2973:3f57:fd9b%19) wird geschützt.",Erkannt,Keine Aktion erforderlich,Firewall - Netzwerk und Verbindungen,,, Kategorie:Firewall - Aktivitäten Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Programmname,Programmpfad,Standardaktionen,Durchgeführte Aktion,Lokaler Computer,Beschreibung des Datenverkehrs 15.11.2012 22:55:59,Infos,Es ist kein Benutzer eingeloggt. ,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:57:23,Infos,Firewall wurde aktiviert. 
,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:57:23,Infos,Firewall-Konfiguration wurde aktualisiert: 189 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:58:18,Infos,"Firewall-Einstellung \"AlertThreadEnable\" geändert.",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:58:20,Infos,Firewall-Konfiguration wurde aktualisiert: 191 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:58:17,Infos,Sie haben Firewall-Regeln für den Zugriff von Local Security Authority Process auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Local Security Authority Process,C:\Windows\System32\lsass.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 1028","Eingehend TCP, Port 1028" 15.11.2012 22:58:17,Infos,Sie haben den Zugriff von Local Security Authority Process auf Ihre Netzwerkressourcen zugelassen.,Zugelassen,Keine Aktion erforderlich,,Local Security Authority Process,C:\Windows\System32\lsass.exe,Keine Aktion erforderlich,Zulassen,"::0, 1028","Eingehend TCP, Port 1028" 15.11.2012 22:58:19,Infos,Sie haben Firewall-Regeln für den Zugriff von Message Queuing Service auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Message Queuing Service,C:\Windows\System32\mqsvc.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"localhost (::1), 1801","Eingehend TCP, Port 1801" 15.11.2012 22:58:20,Infos,Sie haben Firewall-Regeln für den Zugriff von Message Queuing Service auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Message Queuing Service,C:\Windows\System32\mqsvc.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 1029","Eingehend TCP, Port 1029" 15.11.2012 22:58:21,Infos,Sie haben Firewall-Regeln für den Zugriff von Message Queuing Service auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion 
erforderlich,,Message Queuing Service,C:\Windows\System32\mqsvc.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 2107","Eingehend TCP, Port 2107" 15.11.2012 22:58:21,Infos,Sie haben Firewall-Regeln für den Zugriff von Message Queuing Service auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Message Queuing Service,C:\Windows\System32\mqsvc.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 2103","Eingehend TCP, Port 2103" 15.11.2012 22:58:21,Infos,Sie haben Firewall-Regeln für den Zugriff von Message Queuing Service auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Message Queuing Service,C:\Windows\System32\mqsvc.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 2105","Eingehend TCP, Port 2105" 15.11.2012 22:58:21,Infos,Firewall-Konfiguration wurde aktualisiert: 195 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:58:21,Infos,Sie haben Firewall-Regeln für den Zugriff von Anwendung für Dienste und Controller auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Anwendung für Dienste und Controller,C:\Windows\System32\services.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 1030","Eingehend TCP, Port 1030" 15.11.2012 22:58:23,Infos,Firewall-Konfiguration wurde aktualisiert: 196 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:58:23,Infos,Firewall-Regeln wurden automatisch erstellt für Spoolersubsystem-Anwendung.,Geschützt,Keine Aktion erforderlich,,Spoolersubsystem-Anwendung,C:\Windows\System32\spoolsv.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"0.0.0.0, 1033","Eingehend TCP, Port 1033" 15.11.2012 22:58:38,Infos,Benutzer hat sich eingeloggt. ,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 01:03:45,Infos,Es ist kein Benutzer eingeloggt. 
,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 12:41:35,Infos,Firewall wurde aktiviert. ,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 12:41:37,Infos,Firewall-Konfiguration wurde aktualisiert: 196 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 12:42:20,Infos,"Firewall-Einstellung \"AlertThreadEnable\" geändert.",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 12:42:30,Infos,Firewall-Konfiguration wurde aktualisiert: 196 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 12:42:16,Infos,Sie haben Firewall-Regeln für den Zugriff von Anwendung für Dienste und Controller auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Anwendung für Dienste und Controller,C:\Windows\System32\services.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"0.0.0.0, 1031","Eingehend TCP, Port 1031" 16.11.2012 12:42:16,Infos,Sie haben den Zugriff von Anwendung für Dienste und Controller auf Ihre Netzwerkressourcen zugelassen.,Zugelassen,Keine Aktion erforderlich,,Anwendung für Dienste und Controller,C:\Windows\System32\services.exe,Keine Aktion erforderlich,Zulassen,"::0, 1031","Eingehend TCP, Port 1031" 16.11.2012 12:42:43,Infos,Benutzer hat sich eingeloggt. 
,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 12:49:44,Infos,Firewall-Regeln wurden automatisch erstellt für Java(TM) Platform SE binary.,Geschützt,Keine Aktion erforderlich,,Java(TM) Platform SE binary,C:\Program Files\Java\jre7\bin\javaw.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"7f00:1::d8b0:d605:80fa:ffff, 1194","Eingehend TCP, Port 1194" 16.11.2012 13:11:58,Infos,Firewall-Konfiguration wurde aktualisiert: 173 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 13:48:23,Infos,Firewall-Konfiguration wurde aktualisiert: 175 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 13:48:22,Infos,Firewall-Regeln wurden automatisch erstellt für Spoolersubsystem-Anwendung.,Geschützt,Keine Aktion erforderlich,,Spoolersubsystem-Anwendung,C:\Windows\System32\spoolsv.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 2194","Ausgehend TCP, dcom" 16.11.2012 13:48:23,Infos,Firewall-Konfiguration wurde aktualisiert: 175 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 13:48:23,Infos,Firewall-Regeln wurden automatisch erstellt für Spoolersubsystem-Anwendung.,Geschützt,Keine Aktion erforderlich,,Spoolersubsystem-Anwendung,C:\Windows\System32\spoolsv.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 2195","Ausgehend TCP, Port 49157" 16.11.2012 14:06:26,Infos,Firewall-Konfiguration wurde aktualisiert: 177 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 14:06:25,Infos,Firewall-Regeln wurden automatisch erstellt für HitmanPro 3.6.,Geschützt,Keine Aktion erforderlich,,HitmanPro 3.6,C:\Users\***\Desktop\hitman362\HitmanPro36_x64.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 2598","Ausgehend TCP, www-http" 16.11.2012 14:06:45,Infos,Firewall-Konfiguration wurde aktualisiert: 177 Regeln.,Erkannt,Keine Aktion 
erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 14:06:43,Infos,Firewall-Regeln wurden automatisch erstellt für HitmanPro 3.6.,Geschützt,Keine Aktion erforderlich,,HitmanPro 3.6,C:\Users\***\Desktop\hitman362\HitmanPro36_x64.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 2602","Ausgehend TCP, www-http" 16.11.2012 14:07:24,Infos,Firewall-Konfiguration wurde aktualisiert: 177 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 14:07:24,Infos,Firewall-Regeln wurden automatisch erstellt für HitmanPro 3.6.,Geschützt,Keine Aktion erforderlich,,HitmanPro 3.6,C:\Users\***\Desktop\hitman362\HitmanPro36_x64.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 2607","Ausgehend TCP, https" 16.11.2012 15:51:47,Infos,Firewall-Konfiguration wurde aktualisiert: 179 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 15:51:45,Infos,Sie haben Firewall-Regeln für den Zugriff von adwcleaner auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,adwcleaner,C:\Users\***\Downloads\adwcleaner.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"TOSH123 (192.168.2.100), 4525","Ausgehend TCP, www-http" 16.11.2012 16:37:06,Infos,Firewall-Konfiguration wurde aktualisiert: 181 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 16:37:04,Infos,Firewall-Regeln wurden automatisch erstellt für Emsisoft Anti-Malware Service.,Geschützt,Keine Aktion erforderlich,,Emsisoft Anti-Malware Service,C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 5929","Ausgehend TCP, www-http" 16.11.2012 16:47:14,Infos,Firewall-Konfiguration wurde aktualisiert: 183 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 16.11.2012 16:47:13,Infos,Sie haben Firewall-Regeln für den Zugriff von Hostprozess für Windows-Aufgaben 
auf Ihre Netzwerkressourcen erstellt.,Benutzerdefiniert,Keine Aktion erforderlich,,Hostprozess für Windows-Aufgaben,C:\Windows\System32\taskhost.exe,Keine Aktion erforderlich,Benutzerkonfigurierte Regeln,"TOSH123 (192.168.2.100), 6082","Ausgehend TCP, www-http" 16.11.2012 23:16:54,Infos,Firewall-Regeln wurden automatisch erstellt für League of Legends (TM) Client.,Geschützt,Keine Aktion erforderlich,,League of Legends (TM) Client,D:\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\League of Legends.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 15981","Ausgehend TCP, http-proxy-1" 16.11.2012 23:17:02,Infos,Firewall-Regeln wurden automatisch erstellt für League of Legends (TM) Client.,Geschützt,Keine Aktion erforderlich,,League of Legends (TM) Client,D:\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\League of Legends.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 15998","Ausgehend TCP, www-http" 16.11.2012 23:38:12,Infos,Firewall-Regeln wurden automatisch erstellt für League of Legends (TM) Client.,Geschützt,Keine Aktion erforderlich,,League of Legends (TM) Client,D:\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\League of Legends.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 56584","Ausgehend UDP, Port 5149" 17.11.2012 00:14:27,Infos,Firewall-Regeln wurden automatisch erstellt für League of Legends (TM) Client.,Geschützt,Keine Aktion erforderlich,,League of Legends (TM) Client,D:\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\League of Legends.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 64527","Ausgehend UDP, Port 5121" 17.11.2012 01:18:39,Infos,Firewall-Regeln wurden automatisch erstellt für League of Legends (TM) Client.,Geschützt,Keine Aktion erforderlich,,League of Legends (TM) 
Client,D:\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\League of Legends.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 53092","Ausgehend UDP, Port 5139" 17.11.2012 02:00:36,Infos,Firewall-Konfiguration wurde aktualisiert: 179 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 17.11.2012 02:04:28,Infos,Firewall-Konfiguration wurde aktualisiert: 181 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 17.11.2012 02:04:27,Infos,Firewall-Regeln wurden automatisch erstellt für Spoolersubsystem-Anwendung.,Geschützt,Keine Aktion erforderlich,,Spoolersubsystem-Anwendung,C:\Windows\System32\spoolsv.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 17845","Ausgehend TCP, dcom" 17.11.2012 02:04:28,Infos,Firewall-Konfiguration wurde aktualisiert: 181 Regeln.,Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 17.11.2012 02:04:28,Infos,Firewall-Regeln wurden automatisch erstellt für Spoolersubsystem-Anwendung.,Geschützt,Keine Aktion erforderlich,,Spoolersubsystem-Anwendung,C:\Windows\System32\spoolsv.exe,Keine Aktion erforderlich,Regeln automatisch erstellen,"TOSH123 (192.168.2.100), 17846","Ausgehend TCP, Port 49157" 15.11.2012 20:52:32,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 20:52:38,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:24:30,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. 
",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:24:33,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:24:39,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:24:51,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:24:54,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:25:00,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (***-PC.Speedport_W_723V_1_26_000 (192.168.2.101), Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:56:51,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:57:12,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:57:00,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:56:54,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. 
",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:57:15,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 21:57:21,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:29:12,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:29:15,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:29:21,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:29:33,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:29:36,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. ",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, 15.11.2012 22:29:42,Infos,"Regel \"Standardblockierung EPMAPSMB\" blockiert (192.168.2.101, Port dcom(135) ). Eingehende TCP-Verbindung. 
",Erkannt,Keine Aktion erforderlich,Firewall - Aktivitäten,,,,,, Kategorie:Intrusion Prevention Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Standardaktionen,Durchgeführte Aktion 15.11.2012 22:58:17,Infos,Intrusion Prevention wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 15.11.2012 22:58:17,Infos,Version der Intrusion Prevention-Engine: 5.1.1.7 Version des Definitionssatzes: 20121114.001,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 15.11.2012 22:58:16,Infos,Intrusion Prevention überwacht 2394 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 16.11.2012 12:42:36,Infos,Version der Intrusion Prevention-Engine: 5.1.1.7 Version des Definitionssatzes: 20121114.001,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 16.11.2012 12:42:36,Infos,Intrusion Prevention überwacht 2394 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 16.11.2012 12:42:36,Infos,Intrusion Prevention wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 16.11.2012 13:03:47,Infos,Intrusion Prevention überwacht 2401 Signaturen. 
Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 16.11.2012 13:03:47,Infos,Version der Intrusion Prevention-Engine: 5.1.1.7 Version des Definitionssatzes: 20121115.001,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich 16.11.2012 13:03:47,Infos,Intrusion Prevention wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich Kategorie:Download-Insight Datum/Uhrzeit,Risiko,Aktivität,Status,Pfad - Dateiname 15.11.2012 16:43:29,Infos,Download-Insight stellte den Start von defogger.exe fest,Zugriff zugelassen,c:\users\***\downloads\defogger.exe 15.11.2012 16:46:24,Infos,Download-Insight stellte den Start von otl.exe fest,Zugriff zugelassen,c:\users\***\downloads\otl.exe 15.11.2012 17:07:09,Infos,Download-Insight stellte den Start von mbam-setup-1.65.0.1400.exe fest,Zugriff zugelassen,c:\users\***\downloads\mbam-setup-1.65.0.1400.exe 15.11.2012 17:50:04,Infos,Download-Insight stellte den Start von defogger(1).exe fest,Zugriff zugelassen,c:\users\***\downloads\defogger(1).exe 15.11.2012 19:52:26,Infos,Download-Insight stellte den Start von jre-7u9-windows-x64.exe fest,Zugriff zugelassen,c:\users\***\downloads\jre-7u9-windows-x64.exe 16.11.2012 15:49:20,Infos,Download-Insight stellte den Start von adwcleaner.exe fest,Zugriff zugelassen,c:\users\***\downloads\adwcleaner.exe 16.11.2012 15:55:49,Infos,Download-Insight stellte den Start von adwcleaner_2.0.0.7.exe fest,Zugriff zugelassen,c:\users\***\desktop\adwcleaner_2.0.0.7.exe 16.11.2012 16:34:35,Infos,Download-Insight stellte den Start von emsisoftantimalwaresetup_7.0.0.12.exe fest,Zugriff zugelassen,c:\users\***\downloads\emsisoftantimalwaresetup_7.0.0.12.exe 15.11.2012 16:43:28,Infos,Download-Insight analysierte Defogger.exe,Zugriff zugelassen,c:\Users\***\Downloads\Defogger.exe 15.11.2012 16:46:21,Infos,Download-Insight 
analysierte OTL.exe,Zugriff zugelassen,c:\Users\***\Downloads\OTL.exe 15.11.2012 17:07:04,Infos,Download-Insight analysierte mbam-setup-1.65.0.1400.exe,Zugriff zugelassen,c:\Users\***\Downloads\mbam-setup-1.65.0.1400.exe 15.11.2012 17:49:56,Infos,Download-Insight analysierte Defogger(1).exe,Zugriff zugelassen,c:\Users\***\Downloads\Defogger(1).exe 15.11.2012 19:51:49,Infos,Download-Insight analysierte jre-7u9-windows-x64.exe,Zugriff zugelassen,c:\Users\***\Downloads\jre-7u9-windows-x64.exe 16.11.2012 15:49:16,Infos,Download-Insight analysierte adwcleaner.exe,Zugriff zugelassen,c:\Users\***\Downloads\adwcleaner.exe 16.11.2012 15:55:33,Infos,Download-Insight analysierte adwcleaner_2.0.0.7.exe,Zugriff zugelassen,c:\Users\***\Downloads\adwcleaner_2.0.0.7.exe 16.11.2012 16:34:32,Infos,Download-Insight analysierte EmsisoftAntiMalwareSetup_7.0.0.12.exe,Zugriff zugelassen,c:\Users\***\Downloads\EmsisoftAntiMalwareSetup_7.0.0.12.exe Kategorie:AntiSpam Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion 16.11.2012 13:03:43,Infos,AntiSpam-Definitionsversion 20121115.006 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich Kategorie:Identität Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion 10.11.2012 13:17:09,Infos,Verwende Antiphishing-Definitionsversion 20121110.007,Erkannt,Keine Aktion erforderlich 10.11.2012 13:17:11,Infos,Antiphishing-Definitionsversion 20121110.007 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 10.11.2012 16:17:26,Infos,Verwende Antiphishing-Definitionsversion 20121110.008,Erkannt,Keine Aktion erforderlich 10.11.2012 16:17:30,Infos,Antiphishing-Definitionsversion 20121110.008 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 10.11.2012 23:17:41,Infos,Verwende Antiphishing-Definitionsversion 20121110.012,Erkannt,Keine Aktion erforderlich 10.11.2012 23:17:44,Infos,Antiphishing-Definitionsversion 20121110.012 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 11.11.2012 13:20:11,Infos,Verwende 
Antiphishing-Definitionsversion 20121111.005,Erkannt,Keine Aktion erforderlich 11.11.2012 13:20:13,Infos,Antiphishing-Definitionsversion 20121111.005 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 12.11.2012 12:15:33,Infos,Verwende Antiphishing-Definitionsversion 20121112.006,Erkannt,Keine Aktion erforderlich 12.11.2012 12:15:36,Infos,Antiphishing-Definitionsversion 20121112.006 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 12.11.2012 19:16:26,Infos,Verwende Antiphishing-Definitionsversion 20121112.010,Erkannt,Keine Aktion erforderlich 12.11.2012 19:16:31,Infos,Antiphishing-Definitionsversion 20121112.010 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 12.11.2012 22:26:40,Infos,Verwende Antiphishing-Definitionsversion 20121112.011,Erkannt,Keine Aktion erforderlich 12.11.2012 22:26:46,Infos,Antiphishing-Definitionsversion 20121112.011 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 13.11.2012 16:10:34,Infos,Verwende Antiphishing-Definitionsversion 20121113.005,Erkannt,Keine Aktion erforderlich 13.11.2012 16:10:37,Infos,Antiphishing-Definitionsversion 20121113.005 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 13.11.2012 20:42:18,Infos,Verwende Antiphishing-Definitionsversion 20121113.008,Erkannt,Keine Aktion erforderlich 13.11.2012 20:42:26,Infos,Antiphishing-Definitionsversion 20121113.008 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 14.11.2012 15:34:07,Infos,Verwende Antiphishing-Definitionsversion 20121114.008,Erkannt,Keine Aktion erforderlich 14.11.2012 15:34:09,Infos,Antiphishing-Definitionsversion 20121114.008 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 14.11.2012 21:18:41,Infos,Verwende Antiphishing-Definitionsversion 20121114.011,Erkannt,Keine Aktion erforderlich 14.11.2012 21:18:44,Infos,Antiphishing-Definitionsversion 20121114.011 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 15.11.2012 00:09:52,Infos,Verwende Antiphishing-Definitionsversion 20121114.013,Erkannt,Keine Aktion 
erforderlich 15.11.2012 00:09:54,Infos,Antiphishing-Definitionsversion 20121114.013 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 15.11.2012 10:04:00,Infos,Verwende Antiphishing-Definitionsversion 20121115.005,Erkannt,Keine Aktion erforderlich 15.11.2012 10:04:03,Infos,Antiphishing-Definitionsversion 20121115.005 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 15.11.2012 15:58:59,Infos,Verwende Antiphishing-Definitionsversion 20121115.008,Erkannt,Keine Aktion erforderlich 15.11.2012 15:59:04,Infos,Antiphishing-Definitionsversion 20121115.008 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 15.11.2012 19:45:55,Infos,Verwende Antiphishing-Definitionsversion 20121115.010,Erkannt,Keine Aktion erforderlich 15.11.2012 19:45:58,Infos,Antiphishing-Definitionsversion 20121115.010 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 15.11.2012 20:20:59,Infos,Verwende Antiphishing-Definitionsversion 20121115.011,Erkannt,Keine Aktion erforderlich 15.11.2012 20:21:01,Infos,Antiphishing-Definitionsversion 20121115.011 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 15.11.2012 23:31:16,Infos,Verwende Antiphishing-Definitionsversion 20121115.012,Erkannt,Keine Aktion erforderlich 15.11.2012 23:31:19,Infos,Antiphishing-Definitionsversion 20121115.012 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 16.11.2012 13:03:36,Infos,Verwende Antiphishing-Definitionsversion 20121116.007,Erkannt,Keine Aktion erforderlich 16.11.2012 13:03:40,Infos,Antiphishing-Definitionsversion 20121116.007 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 16.11.2012 16:58:32,Infos,Verwende Antiphishing-Definitionsversion 20121116.008,Erkannt,Keine Aktion erforderlich 16.11.2012 16:58:37,Infos,Antiphishing-Definitionsversion 20121116.008 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich 16.11.2012 23:59:40,Infos,Verwende Antiphishing-Definitionsversion 20121116.012,Erkannt,Keine Aktion erforderlich 16.11.2012 23:59:43,Infos,Antiphishing-Definitionsversion 
20121116.012 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich Kategorie:Norton-Produktmanipulationsschutz Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Datum,Quelle,Quell-PID,Ziel,Ziel-PID,Aktion,Reaktion,Terminalsitzung 15.11.2012 16:30:28,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 16:30:28,C:\USERS\***\APPDATA\LOCAL\TEMP\MSI1A0F.TMP,2988,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 16:30:37,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 16:30:37,C:\USERS\***\APPDATA\LOCAL\TEMP\MSI1A0F.TMP,2988,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 17:12:54,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 17:12:54,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,6980,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1684,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 19:54:52,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 19:54:52,C:\WINDOWS\INSTALLER\MSI3D20.TMP,6584,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 19:56:36,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 19:56:36,C:\WINDOWS\INSTALLER\MSID744.TMP,2896,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 19:59:25,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion 
erforderlich,15.11.2012 19:59:25,C:\WINDOWS\INSTALLER\MSI6AF1.TMP,6004,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 20:01:59,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 20:01:59,C:\WINDOWS\INSTALLER\MSIC229.TMP,6920,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 20:07:25,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 20:07:25,C:\WINDOWS\INSTALLER\MSIBB3D.TMP,2808,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 20:13:04,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 20:13:04,C:\WINDOWS\INSTALLER\MSIE555.TMP,6640,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3640,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 21:07:38,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 21:07:38,C:\WINDOWS\SYSTEM32\CONHOST.EXE,3600,C:\Program Files (x86)\Norton 360\Engine64\6.4.0.9\buvss.exe,7048,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 15.11.2012 21:12:17,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 21:12:17,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,5968,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1684,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 22:04:09,Mittel,Nicht autorisierter Zugriff blockiert (Registrierungssicherheitsschlüssel einrichten),Blockiert,Keine Aktion erforderlich,15.11.2012 
22:04:09,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,724,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX64\0000\Control\,0,Registrierungssicherheitsschlüssel einrichten,Nicht autorisierter Zugriff blockiert, 15.11.2012 23:02:22,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 23:02:22,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,5720,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1612,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 15.11.2012 23:03:14,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 23:03:14,C:\WINDOWS\SYSTEM32\CONHOST.EXE,3724,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\cltlmh.exe,5004,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 15.11.2012 23:03:26,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,15.11.2012 23:03:26,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,5720,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1612,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 16.11.2012 12:47:21,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 12:47:21,C:\WINDOWS\SYSTEM32\CONHOST.EXE,6120,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\cltlmh.exe,824,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 12:48:14,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 12:48:14,C:\WINDOWS\SYSTEM32\MRT.EXE,1144,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 12:48:33,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 
12:48:33,C:\WINDOWS\SYSTEM32\MRT.EXE,1144,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 12:48:39,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 12:48:39,C:\WINDOWS\SYSTEM32\MRT.EXE,1144,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3532,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 12:55:17,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 12:55:17,C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,4244,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 12:55:18,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 12:55:18,C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,4244,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 13:02:09,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 13:02:09,C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,4244,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 13:02:11,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 13:02:11,C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,4244,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,3532,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 13:12:02,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 13:12:02,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,920,C:\Program Files (x86)\Norton 
360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 16.11.2012 14:05:20,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 14:05:20,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,2832,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 16.11.2012 16:44:56,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 16:44:56,C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2SERVICE.EXE,5640,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert, 16.11.2012 18:46:23,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,16.11.2012 18:46:23,C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,5408,C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe,1776,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,1 17.11.2012 00:49:14,Mittel,Nicht autorisierter Zugriff blockiert (Registrierungssicherheitsschlüssel einrichten),Blockiert,Keine Aktion erforderlich,17.11.2012 00:49:14,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,716,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\LEGACY_BHDRVX64\0000\Control\,0,Registrierungssicherheitsschlüssel einrichten,Nicht autorisierter Zugriff blockiert, Kategorie:Leistungswarnmeldung Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion 15.11.2012 18:04:21,Infos,Hohe CPU-Auslastung durch: otl.exe ,Erkannt,Keine Aktion erforderlich 15.11.2012 19:56:21,Infos,Hohe Auf Datenträger schreiben-Auslastung durch: Hostprozess für Windows-Dienste ,Erkannt,Keine Aktion erforderlich 16.11.2012 17:03:42,Infos,Hohe Von Datenträger lesen-Auslastung durch: Emsisoft Anti-Malware Service ,Erkannt,Keine Aktion erforderlich 16.11.2012 
23:19:27,Infos,Hohe CPU-Auslastung durch: Firefox ,Erkannt,Keine Aktion erforderlich 16.11.2012 23:25:26,Infos,Hohe CPU-Auslastung durch: League of Legends (TM) Client ,Erkannt,Keine Aktion erforderlich 16.11.2012 23:43:27,Infos,Hohe CPU-Auslastung durch: League of Legends (TM) Client ,Erkannt,Keine Aktion erforderlich 17.11.2012 00:44:26,Infos,Hohe CPU-Auslastung durch: League of Legends (TM) Client ,Erkannt,Keine Aktion erforderlich 17.11.2012 01:54:26,Infos,Hohe CPU-Auslastung durch: League of Legends (TM) Client ,Erkannt,Keine Aktion erforderlich Kategorie:Backup Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Aktion,Status,Speicherort,Medientyp,Ergebnis,Gesichert 12.11.2012 21:09:10,Infos,Backup abgeschlossen auf C:,Abgebrochen,Kein(e),Backup,Abgebrochen,C:,Interne Festplatte,Abgebrochen,"C:\Users\***\AppData\Local\Akamai\readme.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_1.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_2.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_3.txt, C:\Users\***\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\background.html, C:\Users\***s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\48_Norton_Ext_Icon.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_nortoncertified.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_safeAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_safeshopAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_unknownAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_unsafeAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_unsafeshopAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_unsafeshoppagebadAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\SafeBrowse\sb_webnuisanceAnnotation.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\StatusButton\coBA_dangerous.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\StatusButton\coBA_Safe.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\StatusButton\coBA_suspicious.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\images\StatusButton\coBA_unknown.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\blocked-norton-logo.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\blocked-redx.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\blocked_btn_click.png, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\blocked_btn_default.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\blocked_btn_hover.png, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\BrowserBadRedirect.html, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\KnownBadRedirect.html, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\PageBadRedirect.html, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\RedirectPages\SuspiciousRedirect.html, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\urlclassifierkey3.txt, C:\Users\***\AppData\Roaming\Nero\Nero 10\Nero BackItUp\Cache\BIU66EC.txt, C:\Users\***\AppData\Roaming\Nero\Nero 10\Nero BackItUp\Cache\BIU8094.txt, C:\Users\***\AppData\Roaming\Nero\Nero 10\Nero BackItUp\Cache\NeroBackItUp.txt, C:\Users\***\Desktop\Injektiv etc\Dat dmh.png" 12.11.2012 22:27:34,Infos,Backup abgeschlossen auf C:,Abgebrochen,Kein(e),Backup,Abgebrochen,C:,Interne Festplatte,Abgebrochen, 13.11.2012 17:53:56,Infos,Backup abgeschlossen auf C:,Erfolgreich,Kein(e),Backup,Erfolgreich,C:,Interne Festplatte,,"C:\Users\***\AppData\Local\Akamai\readme.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_1.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_2.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_3.txt, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\urlclassifierkey3.txt, C:\Users\***\AppData\Roaming\Nero\Nero 10\Nero BackItUp\Cache\BIU2818.txt, C:\Users\***\Documents\Rap\Grobes Gerüst.rtf, C:\USERS\***\APPDATA\LOCAL\AMD\FUEL\CLIENTPROXYLOG.TXT, 
C:\USERS\***\APPDATA\ROAMING\NERO\NERO 10\NERO BACKITUP\CACHE\BIUD2C8.TXT, C:\USERS\***\APPDATA\ROAMING\NERO\NERO 10\NERO BACKITUP\CACHE\PROGRESSBARINFORMATION.TXT" 14.11.2012 21:22:19,Infos,Backup abgeschlossen auf C:,Erfolgreich,Kein(e),Backup,Erfolgreich,C:,Interne Festplatte,,"C:\Users\***\AppData\Local\Akamai\readme.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_1.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_2.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_3.txt, C:\Users\***\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\urlclassifierkey3.txt, C:\Users\***\Documents\Hawk Diss.rtf, C:\Users\***\Documents\Rap\Front Nice Dee.rtf, C:\Users\***\Documents\Rap\Grobes Gerüst.rtf, C:\Users\***\Documents\Rap\Konter.rtf, C:\Users\***\Documents\Rap\Reime 1231.rtf, C:\USERS\***\APPDATA\LOCAL\AMD\FUEL\CLIENTPROXYLOG.TXT, C:\USERS\***\APPDATA\ROAMING\NERO\NERO 10\NERO BACKITUP\CACHE\BIUEAFA.TXT" 15.11.2012 20:13:28,Infos,Backup abgeschlossen auf C:,Abgebrochen,Kein(e),Backup,Abgebrochen,C:,Interne Festplatte,Abgebrochen, 15.11.2012 21:08:17,Infos,Backup abgeschlossen auf C:,Erfolgreich,Kein(e),Backup,Erfolgreich,C:,Interne Festplatte,,"C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\01 4tune vs. ChanZe (Bar4Bar.com Runde 1).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\02 4tune vs. T-ser (Bar4Bar.com Runde 2) produced by Dollar John.mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\03 4tune - vs. Freak-a-Zoidz (Bar4Bar.com Runde 3).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\04 4tune vs. Soar (Bar4Bar.com Runde 4).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\05 4tune vs. WWR - HR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\06 4tune vs. 
WWR - RR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\07 4tune vs. KingROV - HR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\08 4tune vs. TZD - HR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\09 4tune aka MCHeiser vs. TZD - RR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\10 4tune vs. Battleboi Basti - Finale HR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\11 4tune vs. Battleboi Basti - Finale RR (Mzee Audio Battle Tunier 2011).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\12 4tune - Juliensblogbattle 2012 Qualifikation.mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\13 4tune - VBT 2012 (Splash) Qualifikation (produced by Dollar John).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\14 4tune vs. Solanior - Vorrunde 1 (VBT 2012).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\15 4tune aka Terence Skillz vs. JaymiL Round1 (RBA 2007).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\16 4tune aka Terence Skillz vs. JaymiL Round2 (RBA 2007).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\17 4tune aka Terence Skillz vs. JaymiL Round3 (RBA 2007).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\18 Dollar John - VBT 2012 Qualifikation.mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\19 Dollar John vs. Kauderwelsch - Vorrunde 1 (VBT 2012).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\20 Happy Beckmann - VBT Qualifikation 2012.mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\21 Happy Beckmann vs. 
TripleFight - Vorrunde 1 (VBT 2012).mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\22 Reimebude - Müllsik Snippet.mp3, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\Cover.jpg, C:\Users\***\4tune_-_Battlepaket_Teil_1\4tune - Battlepaket Teil 1\lies mal du juliensohn.txt, C:\Users\***\AppData\Local\Akamai\readme.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_1.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_2.txt, C:\Users\***\AppData\Local\AMD\Fuel\ClientProxyLog_3.txt, C:\Users\***\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-11-15 (17-12-51).txt, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\urlclassifierkey3.txt, C:\Users\***\Desktop\Info\Info I Blatt 2.pdf, C:\Users\***\Desktop\Info\skript.pdf, C:\Users\***\Desktop\Mathe 1\Ana digga.rtf, C:\Users\***\Desktop\Mathe 1\AnalysisI1213.pdf, C:\Users\***\Desktop\Mathe 1\AnalysisI121312.pdf, C:\Users\***\Desktop\Mathe 1\analysis_blatt01.pdf, C:\Users\***\Desktop\Mathe 1\analysis_blatt02.pdf, C:\Users\***\Desktop\Mathe 1\analysis_blatt03.pdf, C:\Users\***\Desktop\Mathe 1\blatt04.pdf, C:\Users\***\Desktop\Mathe 1\Info.pdf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\blatt00.pdf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\blatt01.pdf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Dat dmh.png, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Dokument.rtf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Gute Mathe-Seite.rtf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\i1.pdf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Info 1 Übungsblatt.rtf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Injektiv 2.png, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Injektiv etc..png, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Parabel blabla.png, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Plan.rtf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Symbole.rtf, C:\Users\***\Desktop\Mathe 1\Injektiv etc\Übung Aufgaben (Lin.Alg.1).rtf, C:\Users\***\Desktop\Mathe 
1\Injektiv etc\Übung Info.rtf, C:\Users\***\Desktop\Mathe 1\Naga Fix.rtf, C:\Users\***\Desktop\Mathe 1\skript3.pdf, C:\Users\***\Desktop\Mathe 2\AnalysisI1213.pdf, C:\Users\***\Desktop\Mathe 2\Ayeah.rtf, C:\Users\***\Desktop\Mathe 2\blatt02.pdf, C:\Users\***\Desktop\Mathe 2\blatt03.pdf, C:\Users\***\Desktop\Mathe 2\deckblattalgebra.pdf, C:\Users\***\Desktop\Mathe 2\HA Lin. 2.rtf, C:\Users\***\Desktop\Mathe 2\Lineare Algebra 2.pdf, C:\Users\***\Desktop\Mathe 2\LoL yeah.png, C:\Users\***\Desktop\Mathe 2\ox-lolmap_large.jpg, C:\Users\***\Desktop\Mathe 2\udyr.png, C:\Users\***\Documents\Double half face.png, C:\Users\***\Documents\Rap\Grobes Gerüst.rtf, C:\Users\***\Documents\Rap\Konter.rtf, C:\Users\***\Downloads\Extras.Txt, C:\Users\***\Downloads\OTL.Txt, C:\Users\***\Text Raptext.rtf, C:\USERS\***\APPDATA\LOCAL\AMD\FUEL\CLIENTPROXYLOG.TXT, C:\USERS\***\APPDATA\ROAMING\NERO\NERO 10\NERO BACKITUP\CACHE\BIU470D.TXT" Kategorie:Norton Community Watch Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Aktualisierungsdatum,Detailstatus,Übertragen von,Beschreibung,Übertragungsdetails 15.11.2012 10:04:06,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,15.11.2012 15:24:05,Ihr Element konnte momentan nicht an Symantec gesendet werden. 
Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121114.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Thu, 15 Nov 2012 09:04:06 GMT <br>Application File Checksum: CC726292A4FDEC2857688CA3C32A510D <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Thu, 15 Nov 2012 14:24:03 GMT <br>Product:Norton 360 6.4.0.9" 10.11.2012 13:01:19,Infos,Norton Community Watch-Feedback,Gesendet,Keine Aktion erforderlich,11.11.2012 13:30:34,,Norton 360 Online,Norton Community Watch-Feedback,URL Reputation Message 13.11.2012 16:10:41,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,13.11.2012 16:11:13,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121110.005 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Tue, 13 Nov 2012 15:10:40 GMT <br>Application File Checksum: 819FA5F084B3174CF702320CE58AA7E6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Tue, 13 Nov 2012 15:11:09 GMT <br>Product:Norton 360 6.4.0.9" 15.11.2012 10:04:06,Infos,Statistische IPS-Übermittlung,Gesendet,Keine Aktion erforderlich,15.11.2012 20:59:07,,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121114.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Thu, 15 Nov 2012 
09:04:06 GMT <br>Application File Checksum: 3EEB04E502BA582CDCEC4270DEA93052 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Thu, 15 Nov 2012 19:58:59 GMT <br>Product:Norton 360 6.4.0.9" 12.11.2012 17:34:55,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,12.11.2012 21:07:49,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,URL Reputation Message 13.11.2012 16:10:41,Infos,Statistische IPS-Übermittlung,Warten,Keine Aktion erforderlich,13.11.2012 16:11:34,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121110.005 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Tue, 13 Nov 2012 15:10:41 GMT <br>Application File Checksum: 3EEB04E502BA582CDCEC4270DEA93052 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Tue, 13 Nov 2012 15:11:13 GMT <br>Product:Norton 360 6.4.0.9" 14.11.2012 15:34:11,Infos,Statistische IPS-Übermittlung,Gesendet,Keine Aktion erforderlich,14.11.2012 16:43:36,,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121113.006 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Wed, 14 Nov 2012 14:34:11 GMT <br>Application File Checksum: 8CD185DE199848A58F0A1A1D189C84F6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 
Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Wed, 14 Nov 2012 15:43:32 GMT <br>Product:Norton 360 6.4.0.9" 16.11.2012 13:03:44,Infos,Statistische IPS-Übermittlung,Gesendet,Keine Aktion erforderlich,16.11.2012 15:01:49,,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121115.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Fri, 16 Nov 2012 12:03:44 GMT <br>Application File Checksum: 3EEB04E502BA582CDCEC4270DEA93052 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Fri, 16 Nov 2012 14:01:47 GMT <br>Product:Norton 360 6.4.0.9" 15.11.2012 10:04:06,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,15.11.2012 20:59:11,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121114.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Thu, 15 Nov 2012 09:04:06 GMT <br>Application File Checksum: 819FA5F084B3174CF702320CE58AA7E6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Thu, 15 Nov 2012 19:59:08 GMT <br>Product:Norton 360 6.4.0.9" 16.11.2012 13:03:44,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,16.11.2012 15:01:47,Ihr Element konnte momentan nicht an Symantec gesendet werden. 
Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121115.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Fri, 16 Nov 2012 12:03:44 GMT <br>Application File Checksum: CC726292A4FDEC2857688CA3C32A510D <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Fri, 16 Nov 2012 14:01:45 GMT <br>Product:Norton 360 6.4.0.9" 15.11.2012 23:03:14,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,16.11.2012 00:00:11,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,URL Reputation Message 15.11.2012 17:06:49,Infos,Statistische IPS-Erkennungsübermittlung,Warten,Keine Aktion erforderlich,15.11.2012 17:07:10,Ihr Element konnte momentan nicht an Symantec gesendet werden. 
Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Statistische IPS-Erkennungsübermittlung,"Signature ID: 23318 <br>Local or Remote Attacker: 1 <br>Remote Port: 54494 <br>Local Port: 80 <br>Protocol: 6 <br>Signature Set Version: 20121114.001 <br>Application Name: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE <br>Offending URL: dl.cdn.chip.de/downloads/3914817/mbam-setup-1.65.0.1400.exe?1352995319-1353002819-ecdfd2-B-16f5482d32bc5fd840f33ceb484d1e53.exe <br>Date Detected: Thu, 15 Nov 2012 16:06:48 GMT <br>Application File Checksum: E60E9D5F229CB8DA347D48ADD6E8DC47 <br>Application File Information: 16.0.2.4680 <br>Network Data <br>Sub-signature ID: 70646 <br>Remote Address: 80.239.178.139 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Thu, 15 Nov 2012 16:06:49 GMT <br>Product:Norton 360 6.4.0.9" 14.11.2012 15:34:12,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,14.11.2012 16:43:40,Ihr Element konnte momentan nicht an Symantec gesendet werden. 
Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121113.006 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Wed, 14 Nov 2012 14:34:12 GMT <br>Application File Checksum: 819FA5F084B3174CF702320CE58AA7E6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Wed, 14 Nov 2012 15:43:37 GMT <br>Product:Norton 360 6.4.0.9" 16.11.2012 13:03:43,Infos,Statistische IPS-Übermittlung,Warten,Keine Aktion erforderlich,16.11.2012 15:01:41,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121115.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Fri, 16 Nov 2012 12:03:43 GMT <br>Application File Checksum: 8CD185DE199848A58F0A1A1D189C84F6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Fri, 16 Nov 2012 14:01:19 GMT <br>Product:Norton 360 6.4.0.9" 14.11.2012 15:18:20,Infos,Norton Community Watch-Feedback,Gesendet,Keine Aktion erforderlich,14.11.2012 16:43:31,,Norton 360 Online,Norton Community Watch-Feedback,URL Reputation Message 14.11.2012 15:34:12,Infos,Statistische IPS-Übermittlung,Warten,Keine Aktion erforderlich,14.11.2012 16:44:01,Ihr Element konnte momentan nicht an Symantec gesendet werden. 
Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121113.006 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Wed, 14 Nov 2012 14:34:12 GMT <br>Application File Checksum: 3EEB04E502BA582CDCEC4270DEA93052 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Wed, 14 Nov 2012 15:43:40 GMT <br>Product:Norton 360 6.4.0.9" 14.11.2012 15:34:12,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,14.11.2012 16:44:03,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121113.006 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Wed, 14 Nov 2012 14:34:12 GMT <br>Application File Checksum: CC726292A4FDEC2857688CA3C32A510D <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Wed, 14 Nov 2012 15:44:02 GMT <br>Product:Norton 360 6.4.0.9" 16.11.2012 13:03:44,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,16.11.2012 15:01:45,Ihr Element konnte momentan nicht an Symantec gesendet werden. 
Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121115.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Fri, 16 Nov 2012 12:03:43 GMT <br>Application File Checksum: 819FA5F084B3174CF702320CE58AA7E6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Fri, 16 Nov 2012 14:01:41 GMT <br>Product:Norton 360 6.4.0.9" 13.11.2012 16:10:41,Infos,Norton Community Watch-Feedback,Warten,Keine Aktion erforderlich,13.11.2012 16:11:37,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Norton Community Watch-Feedback,"Signature ID: DLLMM <br>Signature Set Version: 20121110.005 <br>Application Name: \Program Files (x86)\Mozilla Firefox\mozjs.dll <br>Date Detected: Tue, 13 Nov 2012 15:10:41 GMT <br>Application File Checksum: CC726292A4FDEC2857688CA3C32A510D <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Tue, 13 Nov 2012 15:11:35 GMT <br>Product:Norton 360 6.4.0.9" 15.11.2012 10:04:06,Infos,Statistische IPS-Übermittlung,Gesendet,Keine Aktion erforderlich,15.11.2012 20:58:58,,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121114.001 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Thu, 15 Nov 2012 09:04:06 GMT <br>Application File Checksum: 8CD185DE199848A58F0A1A1D189C84F6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German 
<br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Thu, 15 Nov 2012 19:58:56 GMT <br>Product:Norton 360 6.4.0.9" 13.11.2012 16:10:40,Infos,Statistische IPS-Übermittlung,Warten,Keine Aktion erforderlich,13.11.2012 16:11:08,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Statistische IPS-Übermittlung,"Signature ID: DLLMM <br>Signature Set Version: 20121110.005 <br>Application Name: \Program Files (x86)\Mozilla Firefox\xul.dll <br>Date Detected: Tue, 13 Nov 2012 15:10:39 GMT <br>Application File Checksum: 8CD185DE199848A58F0A1A1D189C84F6 <br>Application File Information: 16.0.2.4680 <br>Flags: 0x00000000 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Tue, 13 Nov 2012 15:10:54 GMT <br>Product:Norton 360 6.4.0.9" 11.11.2012 16:45:26,Infos,Statistische IPS-Erkennungsübermittlung,Gesendet,Keine Aktion erforderlich,11.11.2012 16:45:41,,Norton 360 Online,Statistische IPS-Erkennungsübermittlung,"Signature ID: 23318 <br>Local or Remote Attacker: 1 <br>Remote Port: 3726 <br>Local Port: 80 <br>Protocol: 6 <br>Signature Set Version: 20121109.001 <br>Application Name: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE <br>Offending URL: dl.cdn.chip.de/downloads/5433087/chrome23_installer.exe?1352648422-1352655922-7383be-B-626472634fd05f91b1386aa2ec99d8ec.exe <br>Date Detected: Sun, 11 Nov 2012 15:45:26 GMT <br>Application File Checksum: E60E9D5F229CB8DA347D48ADD6E8DC47 <br>Application File Information: 16.0.2.4680 <br>Network Data <br>Sub-signature ID: 70639 <br>Remote Address: 80.239.221.48 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 
Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Sun, 11 Nov 2012 15:45:27 GMT <br>Product:Norton 360 6.4.0.9" 16.11.2012 15:48:59,Infos,Statistische IPS-Erkennungsübermittlung,Warten,Keine Aktion erforderlich,16.11.2012 15:49:20,Ihr Element konnte momentan nicht an Symantec gesendet werden. Ein weiterer Versuch erfolgt in Kürze.,Norton 360 Online,Statistische IPS-Erkennungsübermittlung,"Signature ID: 23318 <br>Local or Remote Attacker: 1 <br>Remote Port: 4411 <br>Local Port: 80 <br>Protocol: 6 <br>Signature Set Version: 20121115.001 <br>Application Name: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE <br>Offending URL: general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner <br>Date Detected: Fri, 16 Nov 2012 14:48:59 GMT <br>Application File Checksum: E60E9D5F229CB8DA347D48ADD6E8DC47 <br>Application File Information: 16.0.2.4680 <br>Network Data <br>Sub-signature ID: 70656 <br>Remote Address: 176.31.101.106 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:AMD64 Family 16 Model 6 Stepping 3 <br>System:Windows 7 build 7601 Service Pack 1 <br>Platform-GUID:37994671-827C-4E63-9D6E-045340E9CB61 <br>DateSubmitted:Fri, 16 Nov 2012 14:48:59 GMT <br>Product:Norton 360 6.4.0.9" Kategorie:Dateibereinigung Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Ergebnis,Freigegebener Speicherplatz 13.11.2012 17:52:03,Infos,Temporäre Internet Explorer-Dateien,Erfolgreich,Keine Aktion erforderlich,Optimierung,Behoben: 407,6 MB 13.11.2012 17:52:06,Infos,Temporäre Windows-Dateien,Erfolgreich,Keine Aktion erforderlich,Optimierung,Behoben: 18,58 MB 15.11.2012 20:13:25,Infos,Temporäre Internet Explorer-Dateien,Abgebrochen,Keine Aktion erforderlich,Optimierung,Behoben: 184,9 MB 15.11.2012 21:06:23,Infos,Temporäre Internet Explorer-Dateien,Erfolgreich,Keine Aktion 
erforderlich,Optimierung,Behoben: 1,2.782 Byte 15.11.2012 21:06:24,Infos,Temporäre Windows-Dateien,Erfolgreich,Keine Aktion erforderlich,Optimierung,Behoben: 32,11 MB Kategorie:Festplattenoptimierung Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Ergebnis,Details 13.11.2012 17:53:09,Infos,Festplattenoptimierung,Erfolgreich,Keine Aktion erforderlich,Optimierung,Keine Probleme erkannt.,"Laufwerk C: Optimierung nicht erforderlich, aktuelle Datenträgerfragmentierung 1%., Laufwerk D: Optimierung nicht erforderlich, aktuelle Datenträgerfragmentierung 3%., Reserviertes Systemlaufwerk: Optimierung nicht erforderlich, aktuelle Datenträgerfragmentierung 1%." 15.11.2012 21:07:15,Infos,Festplattenoptimierung,Erfolgreich,Keine Aktion erforderlich,Optimierung,Keine Probleme erkannt.,"Laufwerk C: Optimierung nicht erforderlich, aktuelle Datenträgerfragmentierung 1%., Laufwerk D: Optimierung nicht erforderlich, aktuelle Datenträgerfragmentierung 1%., Reserviertes Systemlaufwerk: Optimierung nicht erforderlich, aktuelle Datenträgerfragmentierung 1%." Kategorie:Silent-Mode Datum/Uhrzeit,Risiko,Aktivität,Status,Programm,Überschrift 15.11.2012 11:43:57,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 11:45:09,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 11:46:07,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 11:46:12,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 12:15:05,Infos,Ein Programm ist in den Vollbildmodus gewechselt. 
Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 12:15:25,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 12:38:41,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 12:42:15,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 12:43:54,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 13:04:31,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 13:05:39,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 13:07:50,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 13:08:11,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 13:08:38,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 13:08:57,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 14:46:13,Infos,Ein Programm hat den Vollbildmodus verlassen. 
Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\world of warcraft\wow-64.exe,World of Warcraft 15.11.2012 15:14:05,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,C:\windows\syswow64\macromed\flash\flashplayerplugin_11_4_402_287.exe,Adobe Flash Player 15.11.2012 15:15:39,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,C:\windows\syswow64\macromed\flash\flashplayerplugin_11_4_402_287.exe,Adobe Flash Player 15.11.2012 18:24:49,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,C:\users\***\neuer ordner (2)\neuer ordner\nr.2\teeworlds-0.6.1-win32\teeworlds-b122-r50edfd37-win32\teeworlds.exe,Teeworlds 15.11.2012 18:24:59,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,C:\users\***\neuer ordner (2)\neuer ordner\nr.2\teeworlds-0.6.1-win32\teeworlds-b122-r50edfd37-win32\teeworlds.exe,Teeworlds 16.11.2012 19:11:21,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,C:\windows\syswow64\macromed\flash\flashplayerplugin_11_4_402_287.exe,Adobe Flash Player 16.11.2012 19:11:41,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,C:\windows\syswow64\macromed\flash\flashplayerplugin_11_4_402_287.exe,Adobe Flash Player 16.11.2012 19:12:11,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,C:\windows\syswow64\macromed\flash\flashplayerplugin_11_4_402_287.exe,Adobe Flash Player 16.11.2012 19:13:58,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,C:\windows\syswow64\macromed\flash\flashplayerplugin_11_4_402_287.exe,Adobe Flash Player 16.11.2012 23:17:04,Infos,Ein Programm ist in den Vollbildmodus gewechselt. 
Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:17:11,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:22:31,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:24:01,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:24:29,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:24:34,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:24:50,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:25:38,Infos,Ein Programm hat den Vollbildmodus verlassen. 
Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:29:36,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:30:06,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 16.11.2012 23:40:13,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 17.11.2012 00:08:17,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 17.11.2012 00:16:06,Infos,Ein Programm ist in den Vollbildmodus gewechselt. Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 17.11.2012 01:06:14,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 17.11.2012 01:18:50,Infos,Ein Programm ist in den Vollbildmodus gewechselt. 
Silent-Mode ist eingeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client 17.11.2012 01:58:26,Infos,Ein Programm hat den Vollbildmodus verlassen. Der Silent-Mode ist ausgeschaltet.,Abgeschlossen,D:\league of legends\rads\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\league of legends.exe,League of Legends (TM) Client Kategorie:LiveUpdate Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Art des Update,Ergebnis,Datum/Uhrzeit,Angewendete Updates (gesamt),Norton 2012 Web Protection Definitions,Norton 2012 Reputation Revocation List,Neustart erforderlich,Risiko,Norton Pulse Updates,Norton 2012 Whitelist,Norton 2012 Smart Virus Definitions X64,Norton 2012 IPS Definitions,Norton 2012 Extended File Attributes and Signatures,Norton 2012 AntiSpam Definitions,Norton Safe Web Statistics 15.11.2012 15:59:07,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Automatisch,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,15.11.2012 15:59:07,2,Erfolgreich,Erfolgreich,Nein,Infos,,,,,,, 15.11.2012 19:45:58,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Interaktiv,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,15.11.2012 19:45:58,2,Erfolgreich,,Nein,Infos,Erfolgreich,,,,,, 15.11.2012 20:21:01,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Interaktiv,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,15.11.2012 20:21:01,2,Erfolgreich,,Nein,Infos,Erfolgreich,,,,,, 15.11.2012 23:31:20,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Automatisch,Norton LiveUpdate wurde erfolgreich abgeschlossen. 
Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,15.11.2012 23:31:20,3,Erfolgreich,,Nein,Infos,Erfolgreich,Erfolgreich,,,,, 16.11.2012 13:03:45,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Automatisch,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,16.11.2012 13:03:45,8,Erfolgreich,Erfolgreich,Nein,Infos,Erfolgreich,,Erfolgreich,Erfolgreich,Erfolgreich,Erfolgreich,Erfolgreich 16.11.2012 16:58:43,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Automatisch,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,16.11.2012 16:58:43,4,Erfolgreich,Erfolgreich,Nein,Infos,Erfolgreich,Erfolgreich,,,,, 16.11.2012 23:59:44,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Automatisch,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,16.11.2012 23:59:44,3,Erfolgreich,,Nein,Infos,Erfolgreich,,Erfolgreich,,,, Code:
ATTFilter Vollständiger Pfad: c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d Bedrohung: Trojan.Maljava ____________________________ ____________________________ Auf Computern ab Nicht verfügbar Zuletzt verwendet 13.11.2012 um 17:20:47 Start-Element Nein Gestarted Nein ____________________________ ____________________________ Unbekannt Anzahl der Benutzer in der Norton Community, die diese Datei verwendet haben: Unbekannt ____________________________ Unbekannt Diese Dateiversion ist nicht bekannt. ____________________________ Hoch Das Risiko dieser Datei ist hoch. ____________________________ Bedrohungsdetails Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen. ____________________________ ____________________________ Dateiaktionen n.class [Enthalten in] c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d Gelöscht ____________________________ Dateiabdruck - SHA: Nicht verfügbar ____________________________ Dateiabdruck - MD5: Nicht verfügbar ____________________________ Code:
ATTFilter Vollständiger Pfad: c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d Bedrohung: Trojan.Maljava ____________________________ ____________________________ Auf Computern ab Nicht verfügbar Zuletzt verwendet 13.11.2012 um 17:20:47 Start-Element Nein Gestarted Nein ____________________________ ____________________________ Unbekannt Anzahl der Benutzer in der Norton Community, die diese Datei verwendet haben: Unbekannt ____________________________ Unbekannt Diese Dateiversion ist nicht bekannt. ____________________________ Hoch Das Risiko dieser Datei ist hoch. ____________________________ Bedrohungsdetails Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen. ____________________________ ____________________________ Dateiaktionen l.class [Enthalten in] c:\users\***\appdata\locallow\sun\java\deployment\cache\6.0\39\5731f227-5ceb465d Gelöscht ____________________________ Dateiabdruck - SHA: Nicht verfügbar ____________________________ Dateiabdruck - MD5: Nicht verfügbar ____________________________
Edited by Tenerok (17.11.2012 at 03:50) |
17.11.2012, 14:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection

1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window), and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
17.11.2012, 17:04 | #5 |
| Trojan.Maljava - Infection No sooner said than done. Here are the two logs: aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-17 16:14:44 ----------------------------- 16:14:44.108 OS Version: Windows x64 6.1.7601 Service Pack 1 16:14:44.108 Number of processors: 2 586 0x603 16:14:44.108 ComputerName: TOSH123 UserName: *** 16:14:45.162 Initialize success 16:17:39.582 AVAST engine defs: 12111700 16:19:37.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 16:19:37.206 Disk 0 Vendor: ST9500325AS 0001TSM1 Size: 476940MB BusType: 11 16:19:37.241 Disk 0 MBR read successfully 16:19:37.244 Disk 0 MBR scan 16:19:37.248 Disk 0 Windows 7 default MBR code 16:19:37.254 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048 16:19:37.264 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238311 MB offset 821248 16:19:37.285 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238227 MB offset 488882176 16:19:37.328 Disk 0 scanning C:\Windows\system32\drivers 16:19:50.904 Service scanning 16:20:20.591 Modules scanning 16:20:20.597 Disk 0 trace - called modules: 16:20:20.665 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 16:20:20.670 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e58060] 16:20:20.673 3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005da8060] 16:20:21.735 AVAST engine scan C:\Windows 16:20:24.585 AVAST engine scan C:\Windows\system32 16:24:04.212 AVAST engine scan C:\Windows\system32\drivers 16:24:20.937 AVAST engine scan C:\Users\*** 16:31:57.670 AVAST engine scan C:\ProgramData 16:37:28.205 Scan finished successfully 16:42:44.194 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 16:42:44.198 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" Code:
ATTFilter 16:52:42.0512 1904 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:52:43.0358 1904 ============================================================ 16:52:43.0358 1904 Current date / time: 2012/11/17 16:52:43.0358 16:52:43.0358 1904 SystemInfo: 16:52:43.0358 1904 16:52:43.0358 1904 OS Version: 6.1.7601 ServicePack: 1.0 16:52:43.0358 1904 Product type: Workstation 16:52:43.0358 1904 ComputerName: TOSH123 16:52:43.0358 1904 UserName: *** 16:52:43.0358 1904 Windows directory: C:\Windows 16:52:43.0358 1904 System windows directory: C:\Windows 16:52:43.0358 1904 Running under WOW64 16:52:43.0358 1904 Processor architecture: Intel x64 16:52:43.0359 1904 Number of processors: 2 16:52:43.0359 1904 Page size: 0x1000 16:52:43.0359 1904 Boot type: Normal boot 16:52:43.0359 1904 ============================================================ 16:52:45.0502 1904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:52:45.0547 1904 ============================================================ 16:52:45.0547 1904 \Device\Harddisk0\DR0: 16:52:45.0548 1904 MBR partitions: 16:52:45.0548 1904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D173800 16:52:45.0548 1904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D23C000, BlocksNum 0x1D149830 16:52:45.0548 1904 ============================================================ 16:52:45.0578 1904 C: <-> \Device\Harddisk0\DR0\Partition1 16:52:45.0617 1904 D: <-> \Device\Harddisk0\DR0\Partition2 16:52:45.0617 1904 ============================================================ 16:52:45.0617 1904 Initialize success 16:52:45.0617 1904 ============================================================ 16:53:56.0499 0460 ============================================================ 16:53:56.0499 0460 Scan started 16:53:56.0499 0460 Mode: Manual; SigCheck; TDLFS; 16:53:56.0499 
0460 ============================================================ 16:53:57.0293 0460 ================ Scan system memory ======================== 16:53:57.0293 0460 System memory - ok 16:53:57.0294 0460 ================ Scan services ============================= 16:53:57.0462 0460 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:53:57.0553 0460 1394ohci - ok 16:53:57.0769 0460 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys 16:53:57.0818 0460 a2acc - ok 16:53:58.0034 0460 [ E327C0DE1D7013BE360881801C0AB0FA ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe 16:53:58.0133 0460 a2AntiMalware - ok 16:53:58.0168 0460 [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys 16:53:58.0178 0460 A2DDA - ok 16:53:58.0331 0460 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:53:58.0349 0460 ACPI - ok 16:53:58.0552 0460 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:53:58.0827 0460 AcpiPmi - ok 16:53:59.0102 0460 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:53:59.0118 0460 AdobeFlashPlayerUpdateSvc - ok 16:53:59.0292 0460 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:53:59.0326 0460 adp94xx - ok 16:53:59.0429 0460 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:53:59.0447 0460 adpahci - ok 16:53:59.0527 0460 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:53:59.0542 0460 adpu320 - ok 16:53:59.0621 0460 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:53:59.0964 0460 AeLookupSvc - ok 16:54:00.0122 0460 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:54:00.0173 0460 AFD - ok 
16:54:00.0256 0460 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:54:00.0287 0460 agp440 - ok 16:54:00.0641 0460 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll 16:54:00.0641 0460 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66 16:54:00.0651 0460 Akamai ( HiddenFile.Multi.Generic ) - warning 16:54:00.0651 0460 Akamai - detected HiddenFile.Multi.Generic (1) 16:54:00.0686 0460 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 16:54:00.0749 0460 ALG - ok 16:54:00.0852 0460 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 16:54:00.0901 0460 aliide - ok 16:54:01.0104 0460 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:54:01.0202 0460 AMD External Events Utility - ok 16:54:01.0378 0460 AMD FUEL Service - ok 16:54:01.0421 0460 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 16:54:01.0432 0460 amdide - ok 16:54:01.0589 0460 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 16:54:01.0599 0460 amdiox64 - ok 16:54:01.0694 0460 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:54:01.0779 0460 AmdK8 - ok 16:54:02.0134 0460 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:54:02.0404 0460 amdkmdag - ok 16:54:02.0513 0460 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 16:54:02.0581 0460 amdkmdap - ok 16:54:02.0668 0460 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:54:02.0757 0460 AmdPPM - ok 16:54:02.0857 0460 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:54:02.0919 0460 amdsata - ok 16:54:03.0018 0460 [ 
F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:54:03.0033 0460 amdsbs - ok 16:54:03.0094 0460 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:54:03.0127 0460 amdxata - ok 16:54:03.0289 0460 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 16:54:03.0299 0460 AODDriver4.0 - ok 16:54:03.0491 0460 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 16:54:03.0501 0460 AODDriver4.1 - ok 16:54:03.0736 0460 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 16:54:03.0792 0460 AppHostSvc - ok 16:54:03.0919 0460 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 16:54:04.0071 0460 AppID - ok 16:54:04.0127 0460 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:54:04.0239 0460 AppIDSvc - ok 16:54:04.0357 0460 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 16:54:04.0437 0460 Appinfo - ok 16:54:04.0532 0460 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 16:54:04.0603 0460 arc - ok 16:54:04.0621 0460 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:54:04.0633 0460 arcsas - ok 16:54:04.0741 0460 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 16:54:04.0769 0460 aspnet_state - ok 16:54:04.0794 0460 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:54:04.0844 0460 AsyncMac - ok 16:54:04.0872 0460 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 16:54:04.0883 0460 atapi - ok 16:54:04.0948 0460 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 16:54:04.0959 0460 AtiHDAudioService - ok 16:54:05.0008 
0460 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 16:54:05.0017 0460 AtiPcie - ok 16:54:05.0067 0460 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:54:05.0144 0460 AudioEndpointBuilder - ok 16:54:05.0156 0460 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:54:05.0194 0460 AudioSrv - ok 16:54:05.0243 0460 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:54:05.0496 0460 AxInstSV - ok 16:54:05.0542 0460 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 16:54:05.0596 0460 b06bdrv - ok 16:54:05.0629 0460 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:54:05.0661 0460 b57nd60a - ok 16:54:05.0696 0460 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 16:54:05.0739 0460 BDESVC - ok 16:54:05.0767 0460 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 16:54:05.0818 0460 Beep - ok 16:54:05.0896 0460 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 16:54:05.0939 0460 BFE - ok 16:54:06.0156 0460 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx64.sys 16:54:06.0209 0460 BHDrvx64 - ok 16:54:06.0264 0460 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 16:54:06.0347 0460 BITS - ok 16:54:06.0394 0460 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:54:06.0419 0460 blbdrive - ok 16:54:06.0459 0460 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:54:06.0473 0460 bowser - ok 16:54:06.0486 0460 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:54:06.0552 0460 BrFiltLo - ok 16:54:06.0566 0460 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp 
C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:54:06.0581 0460 BrFiltUp - ok 16:54:06.0617 0460 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 16:54:06.0661 0460 Browser - ok 16:54:06.0677 0460 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:54:06.0733 0460 Brserid - ok 16:54:06.0739 0460 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:54:06.0763 0460 BrSerWdm - ok 16:54:06.0787 0460 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:54:06.0802 0460 BrUsbMdm - ok 16:54:06.0819 0460 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:54:06.0833 0460 BrUsbSer - ok 16:54:06.0846 0460 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:54:06.0873 0460 BTHMODEM - ok 16:54:06.0913 0460 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 16:54:06.0964 0460 bthserv - ok 16:54:07.0064 0460 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys 16:54:07.0078 0460 ccSet_N360 - ok 16:54:07.0108 0460 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:54:07.0159 0460 cdfs - ok 16:54:07.0207 0460 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 16:54:07.0243 0460 cdrom - ok 16:54:07.0293 0460 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 16:54:07.0346 0460 CertPropSvc - ok 16:54:07.0417 0460 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe 16:54:07.0431 0460 cfWiMAXService - ok 16:54:07.0471 0460 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 16:54:07.0501 0460 circlass - ok 16:54:07.0546 0460 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 16:54:07.0565 0460 
CLFS - ok 16:54:07.0617 0460 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:54:07.0630 0460 clr_optimization_v2.0.50727_32 - ok 16:54:07.0661 0460 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:54:07.0673 0460 clr_optimization_v2.0.50727_64 - ok 16:54:07.0765 0460 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:54:07.0823 0460 clr_optimization_v4.0.30319_32 - ok 16:54:07.0870 0460 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:54:07.0898 0460 clr_optimization_v4.0.30319_64 - ok 16:54:07.0941 0460 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:54:07.0975 0460 CmBatt - ok 16:54:08.0007 0460 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:54:08.0020 0460 cmdide - ok 16:54:08.0066 0460 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 16:54:08.0107 0460 CNG - ok 16:54:08.0147 0460 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 16:54:08.0173 0460 CnxtHdAudService - ok 16:54:08.0215 0460 [ 89C99AB4AE9535F727791592D84D4821 ] CnxtHdmiAudService C:\Windows\system32\drivers\CHDMI64.sys 16:54:08.0240 0460 CnxtHdmiAudService - ok 16:54:08.0312 0460 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:54:08.0341 0460 Compbatt - ok 16:54:08.0432 0460 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 16:54:08.0515 0460 CompositeBus - ok 16:54:08.0536 0460 COMSysApp - ok 16:54:08.0596 0460 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe 16:54:08.0605 0460 
ConfigFree Service - ok 16:54:08.0766 0460 cpuz130 - ok 16:54:08.0812 0460 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:54:08.0823 0460 crcdisk - ok 16:54:08.0873 0460 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:54:08.0923 0460 CryptSvc - ok 16:54:08.0983 0460 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:54:09.0048 0460 DcomLaunch - ok 16:54:09.0095 0460 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 16:54:09.0145 0460 defragsvc - ok 16:54:09.0182 0460 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:54:09.0233 0460 DfsC - ok 16:54:09.0293 0460 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 16:54:09.0332 0460 dg_ssudbus - ok 16:54:09.0411 0460 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 16:54:09.0601 0460 Dhcp - ok 16:54:09.0683 0460 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 16:54:09.0837 0460 discache - ok 16:54:09.0970 0460 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:54:10.0006 0460 Disk - ok 16:54:10.0098 0460 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:54:10.0147 0460 Dnscache - ok 16:54:10.0201 0460 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:54:10.0247 0460 dot3svc - ok 16:54:10.0298 0460 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 16:54:10.0356 0460 DPS - ok 16:54:10.0393 0460 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:54:10.0410 0460 drmkaud - ok 16:54:10.0513 0460 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:54:10.0546 0460 DXGKrnl - ok 16:54:10.0607 0460 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 
16:54:10.0720 0460 EapHost - ok 16:54:10.0813 0460 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 16:54:10.0918 0460 ebdrv - ok 16:54:10.0998 0460 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 16:54:11.0018 0460 eeCtrl - ok 16:54:11.0060 0460 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 16:54:11.0117 0460 EFS - ok 16:54:11.0191 0460 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:54:11.0255 0460 ehRecvr - ok 16:54:11.0273 0460 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 16:54:11.0315 0460 ehSched - ok 16:54:11.0362 0460 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:54:11.0385 0460 elxstor - ok 16:54:11.0442 0460 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 16:54:11.0455 0460 EraserUtilRebootDrv - ok 16:54:11.0488 0460 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:54:11.0513 0460 ErrDev - ok 16:54:11.0560 0460 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 16:54:11.0620 0460 EventSystem - ok 16:54:11.0641 0460 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 16:54:11.0678 0460 exfat - ok 16:54:11.0713 0460 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:54:11.0766 0460 fastfat - ok 16:54:11.0828 0460 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 16:54:11.0910 0460 Fax - ok 16:54:11.0922 0460 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:54:11.0956 0460 fdc - ok 16:54:11.0976 0460 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 16:54:12.0030 0460 fdPHost - ok 16:54:12.0046 0460 [ 802496CB59A30349F9A6DD22D6947644 ] 
FDResPub C:\Windows\system32\fdrespub.dll 16:54:12.0097 0460 FDResPub - ok 16:54:12.0136 0460 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:54:12.0150 0460 FileInfo - ok 16:54:12.0158 0460 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:54:12.0211 0460 Filetrace - ok 16:54:12.0226 0460 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:54:12.0258 0460 flpydisk - ok 16:54:12.0291 0460 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:54:12.0308 0460 FltMgr - ok 16:54:12.0361 0460 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 16:54:12.0431 0460 FontCache - ok 16:54:12.0480 0460 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:54:12.0488 0460 FontCache3.0.0.0 - ok 16:54:12.0511 0460 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:54:12.0525 0460 FsDepends - ok 16:54:12.0561 0460 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:54:12.0573 0460 Fs_Rec - ok 16:54:12.0615 0460 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:54:12.0633 0460 fvevol - ok 16:54:12.0667 0460 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys 16:54:12.0692 0460 FwLnk - ok 16:54:12.0707 0460 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:54:12.0720 0460 gagp30kx - ok 16:54:12.0793 0460 [ 1FDA0DF739234C4023851A282DD28704 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe 16:54:12.0808 0460 GameConsoleService - ok 16:54:12.0851 0460 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 16:54:12.0926 0460 gpsvc - ok 16:54:12.0995 0460 [ F02A533F517EB38333CB12A9E8963773 
] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:54:13.0005 0460 gupdate - ok 16:54:13.0016 0460 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:54:13.0028 0460 gupdatem - ok 16:54:13.0050 0460 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:54:13.0095 0460 hcw85cir - ok 16:54:13.0147 0460 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:54:13.0177 0460 HdAudAddService - ok 16:54:13.0225 0460 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:54:13.0256 0460 HDAudBus - ok 16:54:13.0276 0460 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:54:13.0307 0460 HidBatt - ok 16:54:13.0323 0460 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:54:13.0360 0460 HidBth - ok 16:54:13.0397 0460 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:54:13.0423 0460 HidIr - ok 16:54:13.0460 0460 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 16:54:13.0513 0460 hidserv - ok 16:54:13.0571 0460 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:54:13.0586 0460 HidUsb - ok 16:54:13.0615 0460 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:54:13.0673 0460 hkmsvc - ok 16:54:13.0715 0460 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:54:13.0752 0460 HomeGroupListener - ok 16:54:13.0782 0460 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:54:13.0816 0460 HomeGroupProvider - ok 16:54:13.0867 0460 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:54:13.0880 0460 HpSAMD - ok 16:54:13.0928 0460 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 
16:54:14.0006 0460 HTTP - ok 16:54:14.0038 0460 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:54:14.0051 0460 hwpolicy - ok 16:54:14.0088 0460 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:54:14.0102 0460 i8042prt - ok 16:54:14.0133 0460 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:54:14.0153 0460 iaStorV - ok 16:54:14.0208 0460 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:54:14.0247 0460 idsvc - ok 16:54:14.0323 0460 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121116.001\IDSvia64.sys 16:54:14.0340 0460 IDSVia64 - ok 16:54:14.0383 0460 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:54:14.0396 0460 iirsp - ok 16:54:14.0442 0460 [ AB55B8A9B13130F638546881CE4425F8 ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 16:54:14.0492 0460 IISADMIN - ok 16:54:14.0541 0460 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 16:54:14.0610 0460 IKEEXT - ok 16:54:14.0642 0460 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 16:54:14.0653 0460 intelide - ok 16:54:14.0693 0460 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:54:14.0723 0460 intelppm - ok 16:54:14.0758 0460 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:54:14.0805 0460 IPBusEnum - ok 16:54:14.0840 0460 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:54:14.0885 0460 IpFilterDriver - ok 16:54:14.0933 0460 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:54:14.0967 0460 iphlpsvc - ok 16:54:14.0995 0460 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV 
C:\Windows\system32\drivers\IPMIDrv.sys 16:54:15.0021 0460 IPMIDRV - ok 16:54:15.0048 0460 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:54:15.0103 0460 IPNAT - ok 16:54:15.0131 0460 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:54:15.0166 0460 IRENUM - ok 16:54:15.0186 0460 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:54:15.0198 0460 isapnp - ok 16:54:15.0220 0460 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:54:15.0236 0460 iScsiPrt - ok 16:54:15.0246 0460 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:54:15.0258 0460 kbdclass - ok 16:54:15.0285 0460 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:54:15.0313 0460 kbdhid - ok 16:54:15.0330 0460 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 16:54:15.0342 0460 KeyIso - ok 16:54:15.0376 0460 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:54:15.0390 0460 KSecDD - ok 16:54:15.0426 0460 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:54:15.0441 0460 KSecPkg - ok 16:54:15.0473 0460 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:54:15.0525 0460 ksthunk - ok 16:54:15.0560 0460 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 16:54:15.0618 0460 KtmRm - ok 16:54:15.0647 0460 [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 16:54:15.0658 0460 L1C - ok 16:54:15.0751 0460 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:54:15.0798 0460 LanmanServer - ok 16:54:15.0841 0460 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:54:15.0896 0460 LanmanWorkstation - ok 16:54:15.0925 0460 [ 1538831CF8AD2979A04C423779465827 
] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:54:15.0960 0460 lltdio - ok 16:54:15.0981 0460 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:54:16.0035 0460 lltdsvc - ok 16:54:16.0066 0460 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:54:16.0102 0460 lmhosts - ok 16:54:16.0131 0460 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:54:16.0143 0460 LSI_FC - ok 16:54:16.0177 0460 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:54:16.0191 0460 LSI_SAS - ok 16:54:16.0201 0460 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:54:16.0213 0460 LSI_SAS2 - ok 16:54:16.0227 0460 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:54:16.0241 0460 LSI_SCSI - ok 16:54:16.0260 0460 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 16:54:16.0310 0460 luafv - ok 16:54:16.0376 0460 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:54:16.0388 0460 MBAMProtector - ok 16:54:16.0430 0460 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 16:54:16.0447 0460 MBAMScheduler - ok 16:54:16.0475 0460 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:54:16.0497 0460 MBAMService - ok 16:54:16.0542 0460 McAfee SiteAdvisor Service - ok 16:54:16.0571 0460 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:54:16.0603 0460 Mcx2Svc - ok 16:54:16.0638 0460 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:54:16.0650 0460 megasas - ok 16:54:16.0671 0460 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:54:16.0688 0460 MegaSR - ok 16:54:16.0708 0460 [ 
E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:54:16.0755 0460 MMCSS - ok 16:54:16.0772 0460 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:54:16.0822 0460 Modem - ok 16:54:16.0858 0460 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:54:16.0890 0460 monitor - ok 16:54:16.0937 0460 [ 5FEC1FF5BB9A1FA5C9CF4544D19D6D5D ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys 16:54:16.0950 0460 MotioninJoyXFilter - ok 16:54:16.0980 0460 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:54:16.0992 0460 mouclass - ok 16:54:17.0033 0460 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:54:17.0060 0460 mouhid - ok 16:54:17.0110 0460 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:54:17.0123 0460 mountmgr - ok 16:54:17.0203 0460 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:54:17.0217 0460 MozillaMaintenance - ok 16:54:17.0250 0460 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:54:17.0266 0460 mpio - ok 16:54:17.0297 0460 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:54:17.0347 0460 mpsdrv - ok 16:54:17.0382 0460 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:54:17.0460 0460 MpsSvc - ok 16:54:17.0503 0460 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys 16:54:17.0545 0460 MQAC - ok 16:54:17.0590 0460 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:54:17.0610 0460 MRxDAV - ok 16:54:17.0643 0460 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:54:17.0672 0460 mrxsmb - ok 16:54:17.0707 0460 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:54:17.0738 0460 mrxsmb10 - ok 16:54:17.0772 0460 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:54:17.0803 0460 mrxsmb20 - ok 16:54:17.0840 0460 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:54:17.0852 0460 msahci - ok 16:54:17.0876 0460 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:54:17.0891 0460 msdsm - ok 16:54:17.0905 0460 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:54:17.0931 0460 MSDTC - ok 16:54:17.0980 0460 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:54:18.0015 0460 Msfs - ok 16:54:18.0025 0460 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:54:18.0071 0460 mshidkmdf - ok 16:54:18.0088 0460 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:54:18.0101 0460 msisadrv - ok 16:54:18.0207 0460 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:54:18.0257 0460 MSiSCSI - ok 16:54:18.0261 0460 msiserver - ok 16:54:18.0302 0460 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:54:18.0356 0460 MSKSSRV - ok 16:54:18.0388 0460 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe 16:54:18.0420 0460 MSMQ - ok 16:54:18.0450 0460 [ 59ED174FD4314B0218DC91F9BFA6CD3D ] MSMQTriggers C:\Windows\system32\mqtgsvc.exe 16:54:18.0491 0460 MSMQTriggers - ok 16:54:18.0522 0460 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:54:18.0577 0460 MSPCLOCK - ok 16:54:18.0607 0460 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:54:18.0652 0460 MSPQM - ok 16:54:18.0678 0460 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:54:18.0698 0460 MsRPC - ok 16:54:18.0737 0460 [ 
0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:54:18.0750 0460 mssmbios - ok 16:54:18.0762 0460 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:54:18.0815 0460 MSTEE - ok 16:54:18.0830 0460 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:54:18.0860 0460 MTConfig - ok 16:54:18.0877 0460 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:54:18.0891 0460 Mup - ok 16:54:18.0978 0460 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe 16:54:18.0990 0460 N360 - ok 16:54:19.0027 0460 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:54:19.0082 0460 napagent - ok 16:54:19.0128 0460 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:54:19.0167 0460 NativeWifiP - ok 16:54:19.0241 0460 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe 16:54:19.0261 0460 NAUpdate - ok 16:54:19.0338 0460 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121116.020\ENG64.SYS 16:54:19.0350 0460 NAVENG - ok 16:54:19.0402 0460 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121116.020\EX64.SYS 16:54:19.0441 0460 NAVEX15 - ok 16:54:19.0482 0460 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:54:19.0523 0460 NDIS - ok 16:54:19.0557 0460 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:54:19.0607 0460 NdisCap - ok 16:54:19.0625 0460 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:54:19.0677 0460 NdisTapi - ok 16:54:19.0726 0460 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio 
C:\Windows\system32\DRIVERS\ndisuio.sys 16:54:19.0761 0460 Ndisuio - ok 16:54:19.0815 0460 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:54:19.0868 0460 NdisWan - ok 16:54:19.0897 0460 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:54:19.0946 0460 NDProxy - ok 16:54:19.0982 0460 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:54:20.0028 0460 NetBIOS - ok 16:54:20.0060 0460 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:54:20.0112 0460 NetBT - ok 16:54:20.0138 0460 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:54:20.0150 0460 Netlogon - ok 16:54:20.0196 0460 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:54:20.0248 0460 Netman - ok 16:54:20.0297 0460 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:54:20.0312 0460 NetMsmqActivator - ok 16:54:20.0318 0460 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:54:20.0331 0460 NetPipeActivator - ok 16:54:20.0365 0460 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:54:20.0422 0460 netprofm - ok 16:54:20.0428 0460 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:54:20.0438 0460 NetTcpActivator - ok 16:54:20.0443 0460 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:54:20.0455 0460 NetTcpPortSharing - ok 16:54:20.0495 0460 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:54:20.0507 0460 nfrd960 - ok 16:54:20.0556 0460 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:54:20.0588 0460 NlaSvc - ok 16:54:20.0611 0460 [ 
1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:54:20.0647 0460 Npfs - ok 16:54:20.0667 0460 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:54:20.0721 0460 nsi - ok 16:54:20.0787 0460 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:54:20.0862 0460 nsiproxy - ok 16:54:20.0977 0460 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:54:21.0038 0460 Ntfs - ok 16:54:21.0053 0460 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 16:54:21.0110 0460 Null - ok 16:54:21.0140 0460 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:54:21.0156 0460 nvraid - ok 16:54:21.0173 0460 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:54:21.0191 0460 nvstor - ok 16:54:21.0237 0460 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:54:21.0252 0460 nv_agp - ok 16:54:21.0271 0460 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:54:21.0287 0460 ohci1394 - ok 16:54:21.0320 0460 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:54:21.0363 0460 p2pimsvc - ok 16:54:21.0391 0460 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:54:21.0411 0460 p2psvc - ok 16:54:21.0438 0460 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:54:21.0452 0460 Parport - ok 16:54:21.0485 0460 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:54:21.0500 0460 partmgr - ok 16:54:21.0513 0460 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:54:21.0548 0460 PcaSvc - ok 16:54:21.0578 0460 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:54:21.0593 0460 pci - ok 16:54:21.0606 0460 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide 
C:\Windows\system32\drivers\pciide.sys 16:54:21.0618 0460 pciide - ok 16:54:21.0648 0460 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:54:21.0665 0460 pcmcia - ok 16:54:21.0686 0460 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 16:54:21.0698 0460 pcw - ok 16:54:21.0728 0460 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:54:21.0835 0460 PEAUTH - ok 16:54:22.0273 0460 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:54:22.0305 0460 PerfHost - ok 16:54:22.0345 0460 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys 16:54:22.0355 0460 PGEffect - ok 16:54:22.0415 0460 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:54:22.0502 0460 pla - ok 16:54:22.0560 0460 [ AB168D5CF1CD69F9FA6F09C828FEA660 ] PlantronicsGC C:\Windows\system32\drivers\PLTGC.sys 16:54:22.0643 0460 PlantronicsGC - ok 16:54:22.0688 0460 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:54:22.0722 0460 PlugPlay - ok 16:54:22.0827 0460 PnkBstrA - ok 16:54:22.0856 0460 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:54:22.0910 0460 PNRPAutoReg - ok 16:54:22.0937 0460 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:54:22.0952 0460 PNRPsvc - ok 16:54:22.0996 0460 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:54:23.0048 0460 PolicyAgent - ok 16:54:23.0083 0460 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:54:23.0133 0460 Power - ok 16:54:23.0176 0460 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:54:23.0211 0460 PptpMiniport - ok 16:54:23.0227 0460 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:54:23.0257 0460 Processor - ok 16:54:23.0286 0460 [ 
53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:54:23.0338 0460 ProfSvc - ok 16:54:23.0352 0460 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:54:23.0365 0460 ProtectedStorage - ok 16:54:23.0415 0460 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:54:23.0465 0460 Psched - ok 16:54:23.0520 0460 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:54:23.0577 0460 ql2300 - ok 16:54:23.0594 0460 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:54:23.0609 0460 ql40xx - ok 16:54:23.0639 0460 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:54:23.0681 0460 QWAVE - ok 16:54:23.0704 0460 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:54:23.0736 0460 QWAVEdrv - ok 16:54:23.0759 0460 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:54:23.0811 0460 RasAcd - ok 16:54:23.0857 0460 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:54:23.0892 0460 RasAgileVpn - ok 16:54:23.0921 0460 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:54:23.0959 0460 RasAuto - ok 16:54:24.0001 0460 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:54:24.0051 0460 Rasl2tp - ok 16:54:24.0076 0460 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:54:24.0129 0460 RasMan - ok 16:54:24.0155 0460 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:54:24.0202 0460 RasPppoe - ok 16:54:24.0226 0460 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:54:24.0275 0460 RasSstp - ok 16:54:24.0316 0460 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:54:24.0369 0460 rdbss - ok 16:54:24.0386 
0460 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:54:24.0422 0460 rdpbus - ok 16:54:24.0454 0460 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:54:24.0505 0460 RDPCDD - ok 16:54:24.0531 0460 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:54:24.0581 0460 RDPENCDD - ok 16:54:24.0621 0460 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:54:24.0656 0460 RDPREFMP - ok 16:54:24.0694 0460 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:54:24.0717 0460 RDPWD - ok 16:54:24.0757 0460 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:54:24.0774 0460 rdyboost - ok 16:54:24.0802 0460 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:54:24.0855 0460 RemoteAccess - ok 16:54:24.0886 0460 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:54:24.0944 0460 RemoteRegistry - ok 16:54:24.0991 0460 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys 16:54:25.0041 0460 RMCAST - ok 16:54:25.0057 0460 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:54:25.0105 0460 RpcEptMapper - ok 16:54:25.0135 0460 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:54:25.0162 0460 RpcLocator - ok 16:54:25.0205 0460 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:54:25.0242 0460 RpcSs - ok 16:54:25.0281 0460 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:54:25.0329 0460 rspndr - ok 16:54:25.0371 0460 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 16:54:25.0386 0460 RSUSBSTOR - ok 16:54:25.0446 0460 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 
16:54:25.0490 0460 rtl8192se - ok 16:54:25.0557 0460 [ D2CEFF3BEFE9C468717B6BB7FA4A5E44 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys 16:54:25.0577 0460 RzSynapse ( UnsignedFile.Multi.Generic ) - warning 16:54:25.0577 0460 RzSynapse - detected UnsignedFile.Multi.Generic (1) 16:54:25.0622 0460 [ B047199A905DF30B69439C2703775978 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys 16:54:25.0664 0460 rzudd - ok 16:54:25.0675 0460 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:54:25.0686 0460 SamSs - ok 16:54:25.0721 0460 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:54:25.0735 0460 sbp2port - ok 16:54:25.0759 0460 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:54:25.0797 0460 SCardSvr - ok 16:54:25.0847 0460 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:54:25.0895 0460 scfilter - ok 16:54:25.0946 0460 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:54:26.0086 0460 Schedule - ok 16:54:26.0177 0460 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:54:26.0210 0460 SCPolicySvc - ok 16:54:26.0362 0460 [ CDDE0B41D4C739B8C85E81C39A595A1A ] scramby C:\Windows\system32\drivers\scramby.sys 16:54:26.0374 0460 scramby - ok 16:54:26.0397 0460 [ 3C9A97573D3B8A8450F92636D9846A74 ] scramby_out C:\Windows\system32\drivers\scramby_out.sys 16:54:26.0407 0460 scramby_out - ok 16:54:26.0451 0460 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:54:26.0490 0460 SDRSVC - ok 16:54:26.0520 0460 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:54:26.0571 0460 secdrv - ok 16:54:26.0600 0460 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:54:26.0644 0460 seclogon - ok 16:54:26.0665 0460 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:54:26.0711 0460 SENS 
- ok 16:54:26.0726 0460 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:54:26.0775 0460 SensrSvc - ok 16:54:26.0791 0460 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:54:26.0805 0460 Serenum - ok 16:54:26.0842 0460 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:54:26.0872 0460 Serial - ok 16:54:26.0920 0460 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:54:26.0945 0460 sermouse - ok 16:54:26.0991 0460 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:54:27.0036 0460 SessionEnv - ok 16:54:27.0067 0460 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:54:27.0105 0460 sffdisk - ok 16:54:27.0117 0460 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:54:27.0144 0460 sffp_mmc - ok 16:54:27.0166 0460 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:54:27.0195 0460 sffp_sd - ok 16:54:27.0222 0460 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:54:27.0245 0460 sfloppy - ok 16:54:27.0291 0460 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:54:27.0347 0460 SharedAccess - ok 16:54:27.0392 0460 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:54:27.0447 0460 ShellHWDetection - ok 16:54:27.0479 0460 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:54:27.0492 0460 SiSRaid2 - ok 16:54:27.0502 0460 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:54:27.0517 0460 SiSRaid4 - ok 16:54:27.0580 0460 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:54:27.0590 0460 SkypeUpdate - ok 16:54:27.0616 0460 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb 
C:\Windows\system32\DRIVERS\smb.sys 16:54:27.0652 0460 Smb - ok 16:54:27.0706 0460 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:54:27.0730 0460 SNMPTRAP - ok 16:54:27.0784 0460 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys 16:54:27.0796 0460 speedfan - ok 16:54:27.0804 0460 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:54:27.0815 0460 spldr - ok 16:54:27.0857 0460 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:54:27.0961 0460 Spooler - ok 16:54:28.0111 0460 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:54:28.0252 0460 sppsvc - ok 16:54:28.0280 0460 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:54:28.0329 0460 sppuinotify - ok 16:54:28.0409 0460 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS 16:54:28.0447 0460 SRTSP - ok 16:54:28.0464 0460 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS 16:54:28.0476 0460 SRTSPX - ok 16:54:28.0519 0460 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:54:28.0569 0460 srv - ok 16:54:28.0592 0460 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:54:28.0630 0460 srv2 - ok 16:54:28.0675 0460 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 16:54:28.0694 0460 SrvHsfHDA - ok 16:54:28.0732 0460 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 16:54:28.0785 0460 SrvHsfV92 - ok 16:54:28.0810 0460 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 16:54:28.0847 0460 SrvHsfWinac - ok 16:54:28.0877 0460 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:54:28.0909 0460 srvnet - ok 16:54:28.0951 0460 [ 
51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:54:29.0004 0460 SSDPSRV - ok 16:54:29.0025 0460 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:54:29.0061 0460 SstpSvc - ok 16:54:29.0096 0460 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 16:54:29.0111 0460 ssudmdm - ok 16:54:29.0154 0460 Steam Client Service - ok 16:54:29.0179 0460 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:54:29.0191 0460 stexstor - ok 16:54:29.0245 0460 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:54:29.0306 0460 stisvc - ok 16:54:29.0341 0460 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:54:29.0354 0460 swenum - ok 16:54:29.0390 0460 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:54:29.0445 0460 swprv - ok 16:54:29.0497 0460 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS 16:54:29.0516 0460 SymDS - ok 16:54:29.0570 0460 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS 16:54:29.0614 0460 SymEFA - ok 16:54:29.0661 0460 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 16:54:29.0674 0460 SymEvent - ok 16:54:29.0706 0460 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS 16:54:29.0720 0460 SymIRON - ok 16:54:29.0744 0460 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS 16:54:29.0762 0460 SymNetS - ok 16:54:29.0797 0460 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:54:29.0814 0460 SynTP - ok 16:54:29.0884 0460 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:54:29.0954 0460 SysMain - ok 16:54:30.0030 0460 [ 
E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:54:30.0094 0460 TabletInputService - ok 16:54:30.0174 0460 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:54:30.0250 0460 TapiSrv - ok 16:54:30.0271 0460 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:54:30.0307 0460 TBS - ok 16:54:30.0386 0460 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:54:30.0435 0460 Tcpip - ok 16:54:30.0485 0460 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:54:30.0521 0460 TCPIP6 - ok 16:54:30.0567 0460 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:54:30.0602 0460 tcpipreg - ok 16:54:30.0656 0460 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 16:54:30.0667 0460 tdcmdpst - ok 16:54:30.0694 0460 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:54:30.0735 0460 TDPIPE - ok 16:54:30.0762 0460 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:54:30.0786 0460 TDTCP - ok 16:54:30.0820 0460 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:54:30.0865 0460 tdx - ok 16:54:30.0924 0460 [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 16:54:30.0935 0460 TemproMonitoringService - ok 16:54:30.0981 0460 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:54:30.0994 0460 TermDD - ok 16:54:31.0021 0460 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:54:31.0077 0460 TermService - ok 16:54:31.0104 0460 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:54:31.0131 0460 Themes - ok 16:54:31.0157 0460 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:54:31.0192 0460 
THREADORDER - ok 16:54:31.0245 0460 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 16:54:31.0256 0460 TMachInfo - ok 16:54:31.0281 0460 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe 16:54:31.0294 0460 TODDSrv - ok 16:54:31.0396 0460 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 16:54:31.0415 0460 TosCoSrv - ok 16:54:31.0470 0460 [ 3E6756677E16532D235C6CB20614F369 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 16:54:31.0484 0460 TOSHIBA eco Utility Service - ok 16:54:31.0506 0460 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 16:54:31.0519 0460 TOSHIBA HDD SSD Alert Service - ok 16:54:31.0564 0460 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 16:54:31.0596 0460 TPCHSrv - ok 16:54:31.0631 0460 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:54:31.0686 0460 TrkWks - ok 16:54:31.0731 0460 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:54:31.0779 0460 TrustedInstaller - ok 16:54:31.0814 0460 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:54:31.0847 0460 tssecsrv - ok 16:54:31.0899 0460 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:54:31.0942 0460 TsUsbFlt - ok 16:54:32.0009 0460 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:54:32.0059 0460 tunnel - ok 16:54:32.0104 0460 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 16:54:32.0115 0460 TVALZ - ok 16:54:32.0135 0460 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys 16:54:32.0145 0460 TVALZFL - ok 16:54:32.0165 0460 [ B4DD609BD7E282BFC683CEC7EAAAAD67 
] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:54:32.0179 0460 uagp35 - ok 16:54:32.0214 0460 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:54:32.0269 0460 udfs - ok 16:54:32.0294 0460 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:54:32.0320 0460 UI0Detect - ok 16:54:32.0346 0460 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:54:32.0360 0460 uliagpkx - ok 16:54:32.0411 0460 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:54:32.0425 0460 umbus - ok 16:54:32.0451 0460 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:54:32.0464 0460 UmPass - ok 16:54:32.0480 0460 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:54:32.0532 0460 upnphost - ok 16:54:32.0565 0460 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:54:32.0610 0460 usbccgp - ok 16:54:32.0657 0460 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:54:32.0675 0460 usbcir - ok 16:54:32.0694 0460 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:54:32.0719 0460 usbehci - ok 16:54:32.0757 0460 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:54:32.0791 0460 usbhub - ok 16:54:32.0807 0460 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 16:54:32.0836 0460 usbohci - ok 16:54:32.0866 0460 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:54:32.0891 0460 usbprint - ok 16:54:32.0924 0460 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:54:32.0940 0460 usbscan - ok 16:54:32.0969 0460 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:54:33.0009 0460 USBSTOR - ok 16:54:33.0021 0460 [ 
62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:54:33.0047 0460 usbuhci - ok 16:54:33.0104 0460 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 16:54:33.0122 0460 usbvideo - ok 16:54:33.0146 0460 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:54:33.0197 0460 UxSms - ok 16:54:33.0212 0460 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:54:33.0225 0460 VaultSvc - ok 16:54:33.0270 0460 [ 3A4B01C2BDB07DFEF29B0B369487503A ] VCSVADHWSer C:\Windows\system32\DRIVERS\vcsvad.sys 16:54:33.0276 0460 VCSVADHWSer ( UnsignedFile.Multi.Generic ) - warning 16:54:33.0276 0460 VCSVADHWSer - detected UnsignedFile.Multi.Generic (1) 16:54:33.0321 0460 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:54:33.0334 0460 vdrvroot - ok 16:54:33.0371 0460 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:54:33.0415 0460 vds - ok 16:54:33.0435 0460 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:54:33.0451 0460 vga - ok 16:54:33.0481 0460 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:54:33.0530 0460 VgaSave - ok 16:54:33.0562 0460 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:54:33.0579 0460 vhdmp - ok 16:54:33.0596 0460 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:54:33.0609 0460 viaide - ok 16:54:33.0626 0460 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:54:33.0641 0460 volmgr - ok 16:54:33.0680 0460 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:54:33.0699 0460 volmgrx - ok 16:54:33.0717 0460 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:54:33.0735 0460 volsnap - ok 16:54:33.0771 0460 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] 
vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:54:33.0786 0460 vsmraid - ok 16:54:33.0849 0460 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:54:33.0937 0460 VSS - ok 16:54:33.0956 0460 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:54:33.0990 0460 vwifibus - ok 16:54:34.0039 0460 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:54:34.0077 0460 vwififlt - ok 16:54:34.0102 0460 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:54:34.0120 0460 vwifimp - ok 16:54:34.0156 0460 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:54:34.0197 0460 W32Time - ok 16:54:34.0260 0460 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 16:54:34.0290 0460 W3SVC - ok 16:54:34.0304 0460 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:54:34.0334 0460 WacomPen - ok 16:54:34.0384 0460 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:54:34.0431 0460 WANARP - ok 16:54:34.0436 0460 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:54:34.0469 0460 Wanarpv6 - ok 16:54:34.0514 0460 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 16:54:34.0530 0460 WAS - ok 16:54:34.0590 0460 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:54:34.0650 0460 wbengine - ok 16:54:34.0674 0460 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:54:34.0695 0460 WbioSrvc - ok 16:54:34.0727 0460 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:54:34.0752 0460 wcncsvc - ok 16:54:34.0757 0460 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:54:34.0785 0460 WcsPlugInService - ok 16:54:34.0817 0460 [ 
72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:54:34.0830 0460 Wd - ok 16:54:34.0881 0460 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:54:34.0906 0460 Wdf01000 - ok 16:54:34.0920 0460 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:54:35.0012 0460 WdiServiceHost - ok 16:54:35.0016 0460 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:54:35.0035 0460 WdiSystemHost - ok 16:54:35.0074 0460 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:54:35.0109 0460 WebClient - ok 16:54:35.0142 0460 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:54:35.0194 0460 Wecsvc - ok 16:54:35.0211 0460 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:54:35.0267 0460 wercplsupport - ok 16:54:35.0290 0460 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:54:35.0342 0460 WerSvc - ok 16:54:35.0366 0460 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:54:35.0401 0460 WfpLwf - ok 16:54:35.0414 0460 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:54:35.0425 0460 WIMMount - ok 16:54:35.0437 0460 WinDefend - ok 16:54:35.0451 0460 WinHttpAutoProxySvc - ok 16:54:35.0500 0460 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:54:35.0539 0460 Winmgmt - ok 16:54:35.0617 0460 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys 16:54:35.0629 0460 WinRing0_1_2_0 - ok 16:54:35.0704 0460 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:54:35.0790 0460 WinRM - ok 16:54:35.0870 0460 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:54:35.0902 0460 WinUsb - ok 16:54:35.0945 0460 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:54:36.0000 0460 Wlansvc - ok 16:54:36.0042 0460 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 16:54:36.0054 0460 wlcrasvc - ok 16:54:36.0141 0460 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:54:36.0226 0460 wlidsvc - ok 16:54:36.0274 0460 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:54:36.0301 0460 WmiAcpi - ok 16:54:36.0346 0460 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:54:36.0381 0460 wmiApSrv - ok 16:54:36.0420 0460 WMPNetworkSvc - ok 16:54:36.0446 0460 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:54:36.0466 0460 WPCSvc - ok 16:54:36.0497 0460 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:54:36.0539 0460 WPDBusEnum - ok 16:54:36.0557 0460 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:54:36.0602 0460 ws2ifsl - ok 16:54:36.0626 0460 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:54:36.0664 0460 wscsvc - ok 16:54:36.0667 0460 WSearch - ok 16:54:36.0741 0460 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:54:36.0827 0460 wuauserv - ok 16:54:36.0859 0460 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:54:36.0897 0460 WudfPf - ok 16:54:36.0959 0460 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:54:36.0986 0460 WUDFRd - ok 16:54:37.0016 0460 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:54:37.0050 0460 wudfsvc - ok 16:54:37.0082 0460 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:54:37.0129 0460 WwanSvc - ok 16:54:37.0181 0460 X6va006 - ok 16:54:37.0222 0460 X6va008 - 
ok 16:54:37.0265 0460 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 16:54:37.0277 0460 xusb21 - ok 16:54:37.0316 0460 ================ Scan global =============================== 16:54:37.0342 0460 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:54:37.0385 0460 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 16:54:37.0394 0460 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 16:54:37.0410 0460 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:54:37.0444 0460 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:54:37.0450 0460 [Global] - ok 16:54:37.0451 0460 ================ Scan MBR ================================== 16:54:37.0465 0460 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:54:38.0162 0460 \Device\Harddisk0\DR0 - ok 16:54:38.0162 0460 ================ Scan VBR ================================== 16:54:38.0192 0460 [ E3D39C9DFE78CC6CBC3EDF825FF35A89 ] \Device\Harddisk0\DR0\Partition1 16:54:38.0195 0460 \Device\Harddisk0\DR0\Partition1 - ok 16:54:38.0214 0460 [ E084FD1439CFADB2891B3FBA54655A66 ] \Device\Harddisk0\DR0\Partition2 16:54:38.0216 0460 \Device\Harddisk0\DR0\Partition2 - ok 16:54:38.0216 0460 ============================================================ 16:54:38.0216 0460 Scan finished 16:54:38.0216 0460 ============================================================ 16:54:38.0229 6000 Detected object count: 3 16:54:38.0229 6000 Actual detected object count: 3 16:56:29.0385 6000 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 16:56:29.0385 6000 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 16:56:29.0387 6000 RzSynapse ( UnsignedFile.Multi.Generic ) - skipped by user 16:56:29.0387 6000 RzSynapse ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:56:29.0399 6000 VCSVADHWSer ( UnsignedFile.Multi.Generic ) - skipped by user 16:56:29.0399 6000 VCSVADHWSer ( 
UnsignedFile.Multi.Generic ) - User select action: Skip |
17.11.2012, 22:29 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection Please run a CustomScan with OTL. Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
17.11.2012, 23:34 | #7 |
| Trojan.Maljava - Infection Here is the log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.11.2012 23:07:41 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 66,73% Memory free 11,99 Gb Paging File | 9,72 Gb Available in Paging File | 81,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,73 Gb Total Space | 135,08 Gb Free Space | 58,04% Space Free | Partition Type: NTFS Drive D: | 232,64 Gb Total Space | 182,58 Gb Free Space | 78,48% Space Free | Partition Type: NTFS Computer Name: TOSH123 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) PRC - C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Plantronics\GameCom780\GameCom780.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\e1747cf3a46c0af6fa5e6ad7d6bb40db\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9ac78b0985034b2f93755d917623cac7\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\371e4e5119145340a7642a4ccc5b4d20\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4c216f0f4c6b622eb828622fcb4bbae3\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\fbf5aa9c1cc4c8d49e63c908a95f3586\System.Xml.Linq.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\309291fa463d6ae8d2c46dc1215a9e12\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Programme\Plantronics\GameCom780\VMixPLGC.dll () MOD - C:\Programme\Plantronics\GameCom780\GameCom780.exe () MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe () MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV:64bit: - 
(McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation) SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- 
C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys (Symantec Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (PlantronicsGC) -- C:\Windows\SysNative\drivers\PLTGC.sys (C-Media Electronics Inc) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor 
Corporation ) DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex) DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG) DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121116.020\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121116.020\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121116.001\IDSviA64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (Null) -- 
C:\Windows\SysWow64\NULL () DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {16AC41CA-2216-4DF7-90A9-F9A9552CACB7} IE:64bit: - HKLM\..\SearchScopes\{16AC41CA-2216-4DF7-90A9-F9A9552CACB7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B35AF1AD-D413-4B59-91A0-D786D8A69E4A} IE - HKLM\..\SearchScopes\{B35AF1AD-D413-4B59-91A0-D786D8A69E4A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - 
HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes,DefaultScope = {B35AF1AD-D413-4B59-91A0-D786D8A69E4A} IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{3837B8AE-2BC7-4673-BC8E-40FECC1AE8F9}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{9AB4D5C1-8229-45BD-BD24-EE406E97D5F1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=e033a78d-3767-44b7-9254-7fa687202a51&apn_sauid=BC10926E-E19B-4ED4-A8C7-C088817E9A0E IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{E9E0C626-18F1-4810-8FA7-78EAD1605D37}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - 
prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.5.7.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.05.20 18:54:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.09.17 22:32:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.17 12:29:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:09:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 06:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.10.23 19:37:53 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rfastspu.default\extensions [2012.09.23 22:49:24 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.19 01:04:14 | 000,002,402 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\searchplugins\askcom.xml [2012.11.11 20:36:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\searchplugins\icqplugin-1.xml [2012.03.17 18:34:53 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\searchplugins\icqplugin.xml [2012.10.27 21:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.17 12:29:48 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\COFFPLGN [2012.09.17 22:32:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPLGN [2012.10.27 21:09:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 14:24:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 18:37:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 14:24:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 14:24:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 14:24:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 14:24:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) 
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe () O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{459AF30A-A07C-46E6-8C65-47F88C88AD10}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963CF84D-9ECD-4382-A868-0DDE606D042D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963CF84D-9ECD-4382-A868-0DDE606D042D}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{635ee9fc-2715-11e0-a451-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{635ee9fc-2715-11e0-a451-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.
SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: hitmanpro36 - Reg Error: Value error. SafeBootMin: hitmanpro36.sys - Reg Error: Value error. 
SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: hitmanpro36 - Reg Error: Value error. SafeBootNet:64bit: hitmanpro36.sys - Reg Error: Value error. SafeBootNet:64bit: MCODS - Reg Error: Value error. 
SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: hitmanpro36 - Reg Error: Value error. SafeBootNet: hitmanpro36.sys - Reg Error: Value error. SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard 
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements 
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help 
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 23:03:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(1).exe [2012.11.17 16:49:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.11.17 16:08:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.16 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.11.16 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.11.16 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware [2012.11.16 14:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.11.16 14:06:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hitman362 [2012.11.15 20:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.11.15 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.15 17:07:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.15 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.07 18:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer [2012.11.07 18:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2012.11.06 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Razer [2012.11.03 02:09:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.11.03 01:42:34 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.11.03 01:42:34 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012.11.02 
22:25:53 | 000,000,000 | ---D | C] -- C:\Temp [2012.10.29 03:19:02 | 000,148,480 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll [2012.10.29 03:18:58 | 000,617,472 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll [2012.10.29 03:18:56 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll [2012.10.29 00:15:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.29 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung [2012.10.29 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung [2012.10.29 00:14:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung [2012.10.28 22:51:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2012.10.28 22:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.10.28 22:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2012.10.28 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info [2012.10.27 21:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\***\4tune_-_Battlepaket_Teil_1 [2012.10.25 03:18:26 | 000,113,664 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys [2012.10.23 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mathe 2 [2012.10.23 20:37:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mathe 1 [2012.10.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Curse [2012.10.22 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.10.21 18:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.10.20 02:04:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity [2012.10.20 02:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.17 23:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(1).exe [2012.11.17 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.17 22:36:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.17 19:58:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.17 18:36:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.17 16:49:54 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.11.17 16:42:44 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.11.17 16:08:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.17 12:37:08 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 12:37:08 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 12:29:40 | 000,329,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.17 12:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.17 12:28:33 | 532,856,831 | -HS- | M] () -- C:\hiberfil.sys [2012.11.16 20:30:32 | 000,001,982 | ---- | M] () -- C:\Users\***\Documents\Lines Erklärung.rtf [2012.11.16 16:35:56 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.11.16 13:02:20 | 001,824,958 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.16 13:02:20 | 000,772,710 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.16 13:02:20 | 000,715,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.16 13:02:20 | 000,174,802 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.16 13:02:20 | 000,142,440 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.11.15 17:49:52 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger(1).exe [2012.11.15 17:08:29 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.13 18:01:18 | 000,000,351 | ---- | M] () -- C:\Users\***\Documents\Hawk Diss.rtf [2012.11.08 18:41:24 | 000,000,498 | ---- | M] () -- C:\Users\***\Documents\2.0.rtf [2012.11.08 18:40:48 | 000,000,715 | ---- | M] () -- C:\Users\***\Documents\Zeilen.rtf [2012.11.07 18:33:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf [2012.11.06 16:58:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf [2012.11.05 20:46:25 | 000,000,484 | ---- | M] () -- C:\Users\***\Documents\Chillstep.rtf [2012.10.31 18:57:21 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.31 00:22:28 | 000,000,625 | ---- | M] () -- C:\Users\***\Documents\wejoispg.rtf [2012.10.29 03:19:02 | 000,148,480 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll [2012.10.29 03:18:58 | 000,617,472 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll [2012.10.29 03:18:56 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll [2012.10.28 22:45:14 | 001,780,860 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.27 00:03:32 | 001,781,409 | ---- | M] () -- C:\Users\***\Documents\Double half face.png [2012.10.25 03:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys [2012.10.21 02:29:24 | 000,000,601 | ---- | M] () -- C:\Users\***\Documents\Wörter 2.rtf [2012.10.21 02:29:16 | 000,000,194 | ---- | M] () -- C:\Users\***\Documents\Wörter.rtf [2012.10.20 02:02:41 | 000,001,014 | ---- | M] () -- C:\Users\***\Desktop\Audacity.lnk [2012.10.20 00:37:22 | 000,001,206 | ---- | M] () -- C:\Users\***\Text Raptext.rtf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== 
Files Created - No Company Name ========== [2012.11.17 19:58:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.17 16:42:44 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.11.16 20:30:32 | 000,001,982 | ---- | C] () -- C:\Users\***\Documents\Lines Erklärung.rtf [2012.11.16 16:35:56 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.11.16 12:59:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 12:47:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 17:49:52 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger(1).exe [2012.11.15 17:07:32 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.13 18:01:18 | 000,000,351 | ---- | C] () -- C:\Users\***\Documents\Hawk Diss.rtf [2012.11.08 18:41:24 | 000,000,498 | ---- | C] () -- C:\Users\***\Documents\2.0.rtf [2012.11.08 18:40:48 | 000,000,715 | ---- | C] () -- C:\Users\***\Documents\Zeilen.rtf [2012.11.07 18:33:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf [2012.11.06 16:58:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf [2012.11.04 02:56:48 | 000,000,484 | ---- | C] () -- C:\Users\***\Documents\Chillstep.rtf [2012.10.31 18:57:21 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.31 00:22:28 | 000,000,625 | ---- | C] () -- C:\Users\***\Documents\wejoispg.rtf [2012.10.27 00:03:31 | 001,781,409 | ---- | C] () -- C:\Users\***\Documents\Double half face.png [2012.10.21 02:29:24 | 000,000,601 | ---- | C] () -- C:\Users\***\Documents\Wörter 2.rtf [2012.10.21 02:29:16 | 000,000,194 | ---- | C] () -- C:\Users\***\Documents\Wörter.rtf [2012.10.20 02:02:40 | 000,001,014 | ---- | C] () -- C:\Users\***\Desktop\Audacity.lnk [2012.10.20 02:02:37 | 
000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.10.20 00:37:22 | 000,001,206 | ---- | C] () -- C:\Users\***\Text Raptext.rtf [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.26 12:51:27 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl [2012.09.26 12:51:09 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg [2012.09.26 12:51:09 | 000,000,432 | ---- | C] () -- C:\Windows\PLTGC.ini.imi [2012.09.25 02:19:00 | 000,000,858 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.07.25 20:15:29 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe [2012.07.25 19:05:17 | 000,062,736 | R--- | C] () -- C:\Users\***\diablo_3.zip [2012.07.21 14:09:04 | 000,507,336 | ---- | C] () -- C:\Windows\SysWow64\setup.exe [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.12.17 13:25:16 | 001,780,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.26 20:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.28 23:25:00 | 000,266,752 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.28 23:24:01 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.23 21:27:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.05.23 21:27:42 | 000,000,027 | ---- | 
C] () -- C:\Windows\BRPP2KA.INI [2011.01.23 18:54:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011.01.23 18:40:10 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.01.23 18:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- 
| M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.05.29 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Teeworlds [2011.05.29 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Toshiba [2011.05.24 16:19:51 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2012.10.20 12:04:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.06.30 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex [2012.07.05 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.11.17 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.04.12 21:45:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.06.06 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.10.28 13:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2012.06.19 01:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeHideIP [2012.06.01 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.03.02 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.07.25 17:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.12.27 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2012.05.25 12:24:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient2 [2011.05.29 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.09.03 21:04:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT [2012.11.03 23:58:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.07.06 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-updater [2012.07.06 16:04:26 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-zsync [2012.09.29 12:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2011.05.21 10:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2012.07.12 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2011.06.23 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2012.08.14 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2011.05.20 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba [2012.02.05 11:49:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.05.23 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2011.07.03 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Teeworlds [2011.07.03 15:26:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Toshiba ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.09.19 23:52:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.09.04 23:44:00 | 000,000,000 | ---D | M] -- C:\AMD [2011.05.21 07:38:52 | 000,000,000 | ---D | M] -- C:\ATI [2012.11.17 12:28:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.05.20 18:53:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.03.30 17:31:10 | 000,000,000 | ---D | M] -- C:\Fraps [2011.12.17 13:22:50 | 000,000,000 | ---D | M] -- C:\inetpub [2011.05.21 15:33:46 | 000,000,000 | ---D | M] -- C:\N360_BACKUP [2011.11.02 00:42:47 | 000,000,000 | ---D | M] -- C:\Neuer Ordner [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.15 20:15:45 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.16 16:35:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.16 14:06:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.05.20 18:53:30 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.17 23:09:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.02 22:25:53 | 000,000,000 | ---D | M] -- C:\Temp [2011.05.20 18:56:46 | 000,000,000 | ---D | M] -- C:\Toshiba [2012.06.23 01:24:13 | 000,000,000 | R--D | M] -- C:\Users [2012.11.17 12:30:02 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.05.24 16:19:51 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.05.21 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011.05.20 18:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2012.10.20 12:04:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.06.30 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex [2011.05.23 21:30:45 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother [2012.07.05 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.11.17 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.04.12 21:45:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.06.06 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.10.28 13:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2012.06.19 01:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeHideIP [2012.06.01 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.03.02 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.05.20 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2011.12.11 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2012.07.25 17:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.12.27 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2012.05.25 12:24:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient2 [2010.12.08 13:33:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.06 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.09.06 23:10:55 | 
000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011.05.21 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.05.20 18:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero [2011.05.29 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.09.03 21:04:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT [2012.11.03 23:58:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.05.28 11:13:40 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM [2012.07.06 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-updater [2012.07.06 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-zsync [2012.11.17 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.03.04 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2012.09.29 12:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2011.05.21 10:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2012.07.12 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2011.06.23 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2012.08.14 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2011.05.20 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba [2012.02.05 11:49:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.01.21 22:52:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2011.05.23 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch < %APPDATA%\*.exe /s > [2012.08.27 23:56:34 | 027,031,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.08.27 23:56:36 | 000,874,424 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.08.27 23:56:44 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe [2010.09.20 15:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.02.04 22:53:47 | 008,197,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2012.09.04 23:44:37 | 000,088,102 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D9D98127-FC22-6734-079B-F68E15BDCC8F}\ARPPRODUCTICON.exe [2012.08.30 17:10:28 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\spotify.exe [2012.08.30 17:10:28 | 000,114,904 | ---- | M] () -- C:\Users\***\AppData\Roaming\Spotify\SpotifyLauncher.exe [2012.08.30 17:10:28 | 001,193,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > < End of report > |
17.11.2012, 23:45 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection
adwCleaner - detecting toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
18.11.2012, 00:22 | #9 |
| Trojan.Maljava - Infection Code:
```
# AdwCleaner v2.008 - Datei am 18/11/2012 um 00:18:16 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - TOSH123
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\searchplugins\icqplugin-1.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\***\AppData\Local\APN

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=102875&gct=hp
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vaeg10zd.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [2421 octets] - [18/11/2012 00:18:16]
AdwCleaner[R8].txt - [2554 octets] - [16/11/2012 15:57:47]
AdwCleaner[R9].txt - [2614 octets] - [16/11/2012 15:58:24]

########## EOF - C:\AdwCleaner[R10].txt - [2602 octets] ##########
```
|
18.11.2012, 01:02 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection
adwCleaner - removing toolbars and unwanted start/search pages
Afterwards, a check with OTL please:
18.11.2012, 01:23 | #11 |
| Trojan.Maljava - Infection
After the adw deletion run and the restart, the hidden folders and files became visible. Is that normal? Can I simply reset the folder options to the default values? I will then run OTL. The logs follow.
Here are the logs:
adwcleaner Code:
```
# AdwCleaner v2.008 - Datei am 18/11/2012 um 01:08:23 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - TOSH123
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\***\AppData\Local\APN

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=102875&gct=hp --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rfastspu.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vaeg10zd.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [2644 octets] - [18/11/2012 00:18:16]
AdwCleaner[R8].txt - [2554 octets] - [16/11/2012 15:57:47]
AdwCleaner[R9].txt - [2614 octets] - [16/11/2012 15:58:24]
AdwCleaner[S1].txt - [2615 octets] - [18/11/2012 01:08:23]

########## EOF - C:\AdwCleaner[S1].txt - [2675 octets] ##########
```
OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.11.2012 01:43:03 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,19 Gb Available Physical Memory | 69,82% Memory free 11,99 Gb Paging File | 9,59 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,73 Gb Total Space | 134,34 Gb Free Space | 57,72% Space Free | Partition Type: NTFS Drive D: | 232,64 Gb Total Space | 182,58 Gb Free Space | 78,48% Space Free | Partition Type: NTFS Computer Name: TOSH123 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) PRC - C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Plantronics\GameCom780\GameCom780.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9ac78b0985034b2f93755d917623cac7\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\371e4e5119145340a7642a4ccc5b4d20\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4c216f0f4c6b622eb828622fcb4bbae3\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\fbf5aa9c1cc4c8d49e63c908a95f3586\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Plantronics\GameCom780\VMixPLGC.dll () MOD - C:\Programme\Plantronics\GameCom780\GameCom780.exe () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe () MOD - C:\Program 
Files (x86)\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation) SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- 
C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - 
(amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys (Symantec Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (PlantronicsGC) -- C:\Windows\SysNative\drivers\PLTGC.sys (C-Media Electronics Inc) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - 
(rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG)
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121116.020\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121116.020\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121116.001\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{16AC41CA-2216-4DF7-90A9-F9A9552CACB7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{B35AF1AD-D413-4B59-91A0-D786D8A69E4A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{3837B8AE-2BC7-4673-BC8E-40FECC1AE8F9}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{9AB4D5C1-8229-45BD-BD24-EE406E97D5F1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=e033a78d-3767-44b7-9254-7fa687202a51&apn_sauid=BC10926E-E19B-4ED4-A8C7-C088817E9A0E
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\..\SearchScopes\{E9E0C626-18F1-4810-8FA7-78EAD1605D37}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.5.7.2
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.05.20 18:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.09.17 22:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.18 01:11:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:09:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.05.21 06:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rfastspu.default\extensions
[2012.09.23 22:49:24 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rfastspu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 21:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.18 01:11:21 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\COFFPLGN
[2012.09.17 22:32:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPLGN
[2012.10.27 21:09:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 14:24:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 18:37:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 14:24:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 14:24:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 14:24:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 14:24:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{459AF30A-A07C-46E6-8C65-47F88C88AD10}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963CF84D-9ECD-4382-A868-0DDE606D042D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963CF84D-9ECD-4382-A868-0DDE606D042D}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3823257520-3918744310-912333811-1000 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{635ee9fc-2715-11e0-a451-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{635ee9fc-2715-11e0-a451-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.17 23:03:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(1).exe
[2012.11.17 16:49:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.11.17 16:08:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.11.16 16:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.11.16 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.11.16 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware
[2012.11.16 14:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.11.16 14:06:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hitman362
[2012.11.16 12:59:18 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 12:59:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 12:51:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 12:51:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 12:51:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 12:51:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 12:51:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 12:51:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 12:51:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 12:51:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 12:51:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 12:51:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 12:51:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 12:51:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 12:51:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 12:51:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 12:51:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 12:47:24 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 12:47:24 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 12:47:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 12:47:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 20:16:05 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.11.15 20:15:56 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.11.15 20:15:56 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.11.15 20:15:56 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.11.15 20:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.15 19:53:18 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.15 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.15 17:07:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.15 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.15 09:54:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 09:54:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 09:54:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 09:54:06 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.15 09:54:05 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.15 09:54:05 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.15 09:54:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.15 09:54:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.15 09:54:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.15 09:54:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.15 09:54:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.15 09:54:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.15 09:54:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.15 09:54:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.15 09:54:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.15 09:54:02 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 09:54:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.15 09:53:49 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 09:53:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 09:53:48 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 09:53:48 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 09:53:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 09:53:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.07 18:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.11.07 18:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.11.06 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Razer
[2012.11.03 02:09:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.11.03 01:42:34 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.11.03 01:42:34 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.11.02 22:25:53 | 000,000,000 | ---D | C] -- C:\Temp
[2012.10.29 03:19:02 | 000,148,480 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll [2012.10.29 03:18:58 | 000,617,472 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll [2012.10.29 03:18:56 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll [2012.10.29 00:15:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.29 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung [2012.10.29 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung [2012.10.29 00:14:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung [2012.10.28 22:51:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2012.10.28 22:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.10.28 22:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2012.10.28 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info [2012.10.27 21:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\***\4tune_-_Battlepaket_Teil_1 [2012.10.25 03:18:26 | 000,113,664 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys [2012.10.23 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mathe 2 [2012.10.23 20:37:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mathe 1 [2012.10.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Curse [2012.10.22 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.10.21 18:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.10.20 02:04:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity [2012.10.20 02:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - 
Modified Within 30 Days ========== [2012.11.18 01:36:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.18 01:19:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 01:19:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 01:12:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.18 01:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 01:10:31 | 532,856,831 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 00:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.18 00:17:35 | 000,543,531 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.17 23:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(1).exe [2012.11.17 19:58:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.17 16:49:54 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.11.17 16:42:44 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.11.17 16:08:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.17 12:29:40 | 000,329,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.16 20:30:32 | 000,001,982 | ---- | M] () -- C:\Users\***\Documents\Lines Erklärung.rtf [2012.11.16 16:35:56 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.11.16 13:02:20 | 001,824,958 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.16 13:02:20 | 000,772,710 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.16 13:02:20 | 000,715,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.16 13:02:20 | 000,174,802 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat 
[2012.11.16 13:02:20 | 000,142,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.15 20:15:47 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.11.15 20:15:47 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.11.15 20:15:47 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.11.15 20:15:47 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.11.15 20:15:47 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.11.15 20:15:47 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.11.15 17:49:52 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger(1).exe [2012.11.15 17:08:29 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.13 18:01:18 | 000,000,351 | ---- | M] () -- C:\Users\***\Documents\Hawk Diss.rtf [2012.11.08 18:41:24 | 000,000,498 | ---- | M] () -- C:\Users\***\Documents\2.0.rtf [2012.11.08 18:40:48 | 000,000,715 | ---- | M] () -- C:\Users\***\Documents\Zeilen.rtf [2012.11.07 18:33:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf [2012.11.06 16:58:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf [2012.11.05 20:46:25 | 000,000,484 | ---- | M] () -- C:\Users\***\Documents\Chillstep.rtf [2012.10.31 18:57:21 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.31 00:22:28 | 000,000,625 | ---- | M] () -- C:\Users\***\Documents\wejoispg.rtf [2012.10.29 03:19:02 | 000,148,480 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll [2012.10.29 03:18:58 | 000,617,472 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll [2012.10.29 03:18:56 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll 
[2012.10.28 22:45:14 | 001,780,860 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.27 00:03:32 | 001,781,409 | ---- | M] () -- C:\Users\***\Documents\Double half face.png [2012.10.25 03:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys [2012.10.21 02:29:24 | 000,000,601 | ---- | M] () -- C:\Users\***\Documents\Wörter 2.rtf [2012.10.21 02:29:16 | 000,000,194 | ---- | M] () -- C:\Users\***\Documents\Wörter.rtf [2012.10.20 02:02:41 | 000,001,014 | ---- | M] () -- C:\Users\***\Desktop\Audacity.lnk [2012.10.20 00:37:22 | 000,001,206 | ---- | M] () -- C:\Users\***\Text Raptext.rtf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.18 00:17:32 | 000,543,531 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.17 19:58:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.17 16:42:44 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.11.16 20:30:32 | 000,001,982 | ---- | C] () -- C:\Users\***\Documents\Lines Erklärung.rtf [2012.11.16 16:35:56 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.11.16 12:59:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 12:47:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 17:49:52 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger(1).exe [2012.11.15 17:07:32 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.13 18:01:18 | 000,000,351 | ---- | C] () -- C:\Users\***\Documents\Hawk Diss.rtf [2012.11.08 18:41:24 | 000,000,498 | ---- | C] () -- C:\Users\***\Documents\2.0.rtf [2012.11.08 18:40:48 | 000,000,715 | ---- | C] () -- C:\Users\***\Documents\Zeilen.rtf [2012.11.07 18:33:40 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf [2012.11.06 16:58:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf [2012.11.04 02:56:48 | 000,000,484 | ---- | C] () -- C:\Users\***\Documents\Chillstep.rtf [2012.10.31 18:57:21 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.31 00:22:28 | 000,000,625 | ---- | C] () -- C:\Users\***\Documents\wejoispg.rtf [2012.10.27 00:03:31 | 001,781,409 | ---- | C] () -- C:\Users\***\Documents\Double half face.png [2012.10.21 02:29:24 | 000,000,601 | ---- | C] () -- C:\Users\***\Documents\Wörter 2.rtf [2012.10.21 02:29:16 | 000,000,194 | ---- | C] () -- C:\Users\***\Documents\Wörter.rtf [2012.10.20 02:02:40 | 000,001,014 | ---- | C] () -- C:\Users\***\Desktop\Audacity.lnk [2012.10.20 02:02:37 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.10.20 00:37:22 | 000,001,206 | ---- | C] () -- C:\Users\***\Text Raptext.rtf [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.26 12:51:27 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl [2012.09.26 12:51:09 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg [2012.09.26 12:51:09 | 000,000,432 | ---- | C] () -- C:\Windows\PLTGC.ini.imi [2012.09.25 02:19:00 | 000,000,858 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.07.25 20:15:29 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe [2012.07.25 19:05:17 | 000,062,736 | R--- | C] () -- C:\Users\***\diablo_3.zip [2012.07.21 14:09:04 | 000,507,336 | ---- | C] () -- C:\Windows\SysWow64\setup.exe [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- 
C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.17 13:25:16 | 001,780,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.26 20:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.28 23:25:00 | 000,266,752 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.28 23:24:01 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.23 21:27:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.23 21:27:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.01.23 18:54:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.01.23 18:40:10 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.01.23 18:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 18.11.2012 01:43:03 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,19 Gb Available Physical Memory | 69,82% Memory free
11,99 Gb Paging File | 9,59 Gb Available in Paging File | 79,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,73 Gb Total Space | 134,34 Gb Free Space | 57,72% Space Free | Partition Type: NTFS
Drive D: | 232,64 Gb Total Space | 182,58 Gb Free Space | 78,48% Space Free | Partition Type: NTFS

Computer Name: TOSH123 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- C:\program files (x86)\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09FF1053-FAF6-487E-A700-4869C655644B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{118AEAD3-D813-4DCD-B16C-0EB6C6A190F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E08FFA4-E8F5-48D9-9B57-CC810E54E9EB}" = rport=137 | protocol=17 | dir=out | app=system | "{2047E809-8BF7-49E4-B08B-2FCD8566386C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21374643-E1B7-4BE9-92D0-CB7255FC6CE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{27D87AA0-48AE-4AF9-A4B1-7011A2D11733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{287279B2-B1A7-4332-9802-6159A833B7BF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2900D95A-006A-4D05-B042-F74A6AB35304}" = lport=2869 | protocol=6 | dir=in | app=system | "{3734584A-1474-438E-990C-C819542F7B63}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{382AF8B4-EDA7-41C0-9BC8-4A8DA21175DE}" = lport=139 | protocol=6 | dir=in | app=system | "{3A0DF544-F01D-42F0-8DF7-492B85976D25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B3EB1B5-3CBF-4EA8-A6C4-48ACAE52EA74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BA04662-0AB5-4D6A-8FCA-7F0F06D98225}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{50935B2E-D6ED-44F5-AA4B-E6C741CBA644}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5A3B1C42-A07F-474A-A9B5-69FA9C9A2497}" = lport=138 | protocol=17 | dir=in | app=system | "{5D96D458-FB38-44AC-90FC-A10CA6FB9593}" = lport=3702 | protocol=17 | dir=in | 
svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{626AACA8-6138-4A0F-BDDF-A9A9B7E13A5C}" = rport=139 | protocol=6 | dir=out | app=system | "{639913A6-8910-46F7-8FFD-039B92EC25D6}" = rport=445 | protocol=6 | dir=out | app=system | "{6817D3C4-F149-44AA-94C4-CE938BFFCB7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84A854B5-86D1-462B-812D-A0C1D4EDBCA6}" = lport=445 | protocol=6 | dir=in | app=system | "{89F6CD0C-7704-4F4F-B26F-C883FFBE3ECF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9F354B65-ED6A-4ED5-9C18-C06A83DAB9C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9F992736-36BC-457C-9D2A-03209263EB3E}" = lport=137 | protocol=17 | dir=in | app=system | "{A5B3BE83-43AE-4C2A-9CA1-FFCB12501B86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC75A1DD-9187-4F23-BCF9-A36F27D574F0}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | "{AE57CCD1-D6FF-4D39-8EC5-D699853BBC41}" = rport=10243 | protocol=6 | dir=out | app=system | "{B0A492DE-2E32-45BC-91EF-F4779E79CD47}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B62B0212-70F1-4E04-9F0F-D8EC3AEEA7AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C423930B-DA89-48A8-BDA4-BBEB56F99815}" = rport=138 | protocol=17 | dir=out | app=system | "{CD649C2A-E97A-465D-8C21-FC699A19E3BB}" = lport=10243 | protocol=6 | dir=in | app=system | "{CE593701-4AD9-472D-9063-2C13315ECB42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D24239B0-DE81-4986-86D2-BDAD5659D5CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D85495F2-8853-44EA-A9E8-A9FF82252CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{DB4E409C-E2E2-46A7-8ED1-6DAA23138440}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0441D3FE-A8B6-48D4-A717-2C127FD7F05A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{060714DE-244F-4852-A837-6048B7AD3555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{078FA9A9-8413-4B01-8E60-728F7FE05745}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{09CEAD91-5482-40B2-9095-14096D3B2D88}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{0A2432AE-CC45-4AE5-91F7-BA030EFFB176}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0BB205A3-4648-440E-B17B-AA63ED16D053}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{0BE0D12F-A459-40C0-8B0E-9F45A4DF5B2A}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{0C55E6D1-6416-4F06-A1CC-943933A7FC5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{0CDB8C1F-9341-4EDB-8580-8DE22C7D0396}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0D389E43-4A07-4BF2-A37B-50E1145EA031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0EFE0478-2830-4314-8CA3-07F12688EF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{169E524F-68D3-43ED-AAB5-5B86F325ACC4}" = protocol=6 | dir=out | app=system | "{197EFC26-C4AD-4B1D-B00A-E90F2A70BD56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{20310882-67E5-446D-A499-F3EF1BF7D775}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{210EF0E0-630D-4522-B435-7B9B2B4F74D8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{22728355-91A3-45B1-9DA9-7C7FA7F111A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{2BC2FB64-BF1A-4DF4-8C70-5A2D5B846748}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{357D51F0-BC95-4DC8-B22C-A6432B388D08}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{370522EF-5A0C-4ADE-92EC-5A7BB4154A10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{39401F21-56CC-4B83-9A84-CE23096B70AB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3D9044C4-6082-4D22-AE35-D6B24D8F153B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{3DD96AA9-5EBE-4648-B5BB-BF551F4B0CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{3E0E3B7D-EA84-42FD-82C9-E9F004C7977A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3F3147B1-7C8A-41BD-AC4E-B698C9FB5ABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41E73F6A-B9C8-4E00-B0D1-4DB16155D061}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{4280680D-5D9F-458C-A65D-900397F8A42A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{43BA76AC-5D84-42FE-A670-CB8795CC361C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{44BFA79C-BF4D-441F-ADE9-DA54E9243636}" = protocol=17 | dir=in | app=%programfiles%\windows 
media player\wmpnetwk.exe | "{45F91E21-DFBD-400C-A53F-2A76C6963E5D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4B50E700-2FD7-4585-B058-C9EC0CFEC656}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{50F0B485-93EE-42DA-BDB2-2DDE401A368F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{50FA4C5A-6588-42C3-BA17-54C16885F057}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{57126AF8-65EB-40EA-A2C2-1453F23F51A5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{5B4A919C-D10F-4B42-9266-3A23204963F9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5F10234C-8FBA-4D04-B27D-41490AD94AB8}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{6463A93E-EAD2-4552-A681-3054FC58683C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{684624C8-2A3F-48BE-9D44-FA5E11A7AC99}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{72C15B4C-EB7F-4845-914A-7F3B55220099}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{78BF2E36-3655-4ED6-89C9-CF03FBE6849C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{85DA6223-22AA-4AFA-89F4-5F43C5F2BA45}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{876E217A-44A9-40C4-AF18-E8E6FFD4C7B3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{8A2A3E9A-AF26-4F71-85D1-DE8B6E3ABC00}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{8B414A8A-78AA-4212-9D11-22F5C09ED962}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{9088D857-C848-4650-88CE-5F1047AAD0A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9A24BDC7-995E-4F25-8381-2B115B4223FD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{ACC1EC85-4793-4F57-BE84-D66AC3887FD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF168823-1909-4970-9C67-1BEFAB62AB60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B8A55767-11AF-4101-AA10-00EA24CD7720}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{BA8A01A3-BFAE-4A2A-9EDC-14CE1097690C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BC7D06CD-02FC-4E57-9E0C-1512FF257C41}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BEDEBD35-40B2-4566-87A9-4595D6F174A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{C8EBEEB2-6DBB-4D7E-A193-9471BF35CDFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CB380EA5-BAFB-4486-9D09-D86EA70B09E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CBD60ED3-C6DF-4AAB-9096-595292B7CBA1}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{CCADDE70-3659-49F1-8FE4-263466DE09EA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CED1F4A4-41D7-4C60-AA5A-3B2A78693175}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D0979B06-125B-412B-8279-935C00C17FC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D25C7D30-BD18-4800-A6E1-C724A33F83F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{D8DA9A03-ECC9-42D1-868C-71737CB36F37}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DCC77A6E-9E27-41CE-928D-E6ACD9B9F43E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{DCDBA3DE-7C4C-43E5-82C5-CED8C97CF8AA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{E15E8923-09E9-4872-8C14-AE6CCD0170FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E34396F2-11B1-4284-A03A-3D58AC732F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{E4612DE6-F271-4B64-A411-4B38372430F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{E68B66FE-873A-4336-BCC8-18564B2D7A17}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{E744FBFD-3B90-4ECA-8309-BA8F2A533D3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E83CADE8-8B4C-4C6B-B8E2-0F3007118125}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E8889F38-1C20-4FA9-8389-123E12D58056}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{EEFD8A19-1CBB-4DF6-B348-24FE728E09C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{F09B2300-F4BE-4E2F-AB68-5B184AE03F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{F4058DB7-887E-43F3-985C-A81DC949B154}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{30EDAA78-1816-4ECF-A3C9-475D9ADA9954}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "TCP Query User{F37A9193-CA4F-4048-A3E2-E46F85B6776E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query 
User{86E859AD-89C2-40B2-BAF5-0698E66B7CE4}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "UDP Query User{A65508BF-9C01-471E-86F4-CAEF49B5B07D}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0857F88E-C72B-B4C4-6019-5A6D2050229C}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders "{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{A762DDE6-D6AC-ECDC-DFBE-E35A0FCFB0AD}" = AMD Fuel "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver 
"TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese "{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials "{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish "{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard "{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" = CCC Help Spanish "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish "{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech "{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help 
French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai "{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian "{496CD607-9E63-4809-8C10-3EDD85AF7FC3}" = S4 League_EU "{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center Localization All "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D4B4AB4-C554-66E3-1214-5C109C504220}" = Catalyst Control Center InstallProxy "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-135C "{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = AMD VISION Engine Control Center "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9D98127-FC22-6734-079B-F68E15BDCC8F}" = Application Profiles "{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO "{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German "{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding 
"{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "Audacity_is1" = Audacity 2.0.2 "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Diablo III" = Diablo III "EADM" = EA Download Manager "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "FileZilla Client" = FileZilla Client 3.5.3 "Fraps" = Fraps "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "Guild Wars 2" = Guild Wars 2 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime 
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NCLauncher_GameForge" = NC Launcher (GameForge) "OpenAL" = OpenAL "RocketDock_is1" = RocketDock 1.3.5 "SpeedFan" = SpeedFan (remove only) "Steam App 15700" = Oddworld: Abe's Oddysee "Steam App 15710" = Oddworld: Abe's Exoddus "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "TIPP10_is1" = TIPP10 Version 2.1.0 "TmNationsForever_is1" = TmNationsForever "TOSHIBA Game Console" = WildTangent ORB Game Console "VLC media player" = VLC media player 1.1.11 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "WT088682" = Bejeweled 2 Deluxe "WT088696" = Chuzzle Deluxe "WT088759" = Polar Bowler "WT089367" = Farm Mania 2 "WT089378" = Jewel Quest II "WT089380" = Penguins! "WT089381" = Slingo Supreme "WT089388" = Zuma Deluxe "WT089395" = Plants vs. 
Zombies - Game of the Year "WT089404" = Fishdom ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3823257520-3918744310-912333811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.11.2012 13:41:43 | Computer Name = TOSH123 | Source = Application Hang | ID = 1002 Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c68 Startzeit: 01cdbdd5dd0bc4f1 Endzeit: 5 Anwendungspfad: D:\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.220\deploy\LolClient.exe Berichts-ID: 871048ce-29cb-11e2-ba55-00266ca7fdce Error - 09.11.2012 09:54:12 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 09.11.2012 11:46:57 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 12.11.2012 16:07:45 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 12.11.2012 17:27:02 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 13.11.2012 12:53:30 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 14.11.2012 16:21:30 | Computer Name = TOSH123 | Source = VSS | ID = 8194 Description = Error - 16.11.2012 22:08:42 | Computer Name = TOSH123 | Source = Application Hang | ID = 1002 Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: df4 Startzeit: 01cdc46865cadf78 Endzeit: 10 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: b3b7e315-305b-11e2-87e9-00266ca7fdce Error - 16.11.2012 22:09:26 | Computer Name = TOSH123 | Source = Application Hang | ID = 1002 Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1590 Startzeit: 01cdc468878191af Endzeit: 10 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: cc78f620-305b-11e2-87e9-00266ca7fdce Error - 17.11.2012 15:49:04 | Computer Name = TOSH123 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LoLLauncher.exe, Version: 0.0.0.0, Zeitstempel: 0x4f15f44a Name des fehlerhaften Moduls: launcher.maestro.dll, Version: 1.0.0.29, Zeitstempel: 0x4e32067a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000022f6 ID des fehlerhaften Prozesses: 0x10d8 Startzeit der fehlerhaften Anwendung: 0x01cdc4fbb94a5057 Pfad der fehlerhaften Anwendung: D:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe Pfad des fehlerhaften Moduls: D:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\launcher.maestro.dll Berichtskennung: d6cbb5f5-30ef-11e2-84ad-00266ca7fdce [ System Events ] Error - 16.11.2012 12:54:42 | Computer Name = TOSH123 | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 16.11.2012 12:54:42 | Computer Name = TOSH123 | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 16.11.2012 12:54:42 | Computer Name = TOSH123 | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error - 16.11.2012 12:54:45 | Computer Name = TOSH123 | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 16.11.2012 12:54:45 | Computer Name = TOSH123 | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 16.11.2012 12:56:29 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 16.11.2012 12:57:11 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst N360 erreicht. Error - 16.11.2012 13:43:30 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 17.11.2012 07:29:46 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.11.2012 20:11:18 | Computer Name = TOSH123 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
18.11.2012, 03:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. After that, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
18.11.2012, 17:04 | #13 |
| Trojan.Maljava - Infection Malwarebytes: Code:
ATTFilter Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: TOSH123 [Administrator] 18.11.2012 14:14:12 mbam-log-2012-11-18 (14-14-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 270392 Laufzeit: 1 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f9059cf3a4877e4b9010ffe2a69e0cf8 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-18 03:56:05 # local_time=2012-11-18 04:56:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3589 16777213 100 71 1524471 103908130 0 0 # compatibility_mode=5893 16776574 100 94 45775428 104875484 0 0 # compatibility_mode=8192 67108863 100 0 4109 4109 0 0 # scanned=256883 # found=0 # cleaned=0 # scan_time=8531 |
18.11.2012, 22:48 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Maljava - Infection Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Besides that, there are good cookie managers; among the extensions for Firefox, for example, there is CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
18.11.2012, 23:57 | #15 |
| Trojan.Maljava - Infection So far I have not found anything else. I hope it stays that way. Would the computer then be clean so far? I will simply switch off the cookies so that they are deleted after the browser is closed. Many, many thanks for taking the time and helping me so well to get rid of this mess. From now on I will probably always make sure that the respective older version of Java also disappears from the computer after every update... Best regards Tenerok |