| |
| |||||||
Log-Analyse und Auswertung: Polizei-Trojaner; Schweizerische EidgenossenschaftWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.11.2012, 20:13
| #1 |
 |  Polizei-Trojaner; Schweizerische Eidgenossenschaft Polizei-Trojaner : Schweizerische Eidgenossenschaft Hallo, auch mich hat es erwischt! Angaben zu System:Windows 7 (64 Bit) Antivir: "Avira Antivir" (Gratis-Software) Bisher gemacht: - Windows Startsystemreparatur (ich glaube, so hiess das. Ich habe beim Aufstarten, bevor das Windows-Fenster kam, CTRL, ALT & DELETE gedrückt. (wollte den Task-Manager starten) da lief dann dieses Programm automatisch) -Durchlauf mit :mseinstall und malwarebytes (Gefundene Dateien leider gelöscht ohne Inhalt zu speichern) -Durchlauf mit CCleaner -Durchlauf mit "Defogger" (keine Fehlermeldungen) Logfile von OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 20.11.2012 20:43:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 45,58% Memory free 5,73 Gb Paging File | 3,58 Gb Available in Paging File | 62,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 48,33 Gb Free Space | 41,51% Space Free | Partition Type: NTFS Drive D: | 116,05 Gb Total Space | 98,61 Gb Free Space | 84,97% Space Free | Partition Type: NTFS Computer Name: MEIWA-TOSH | User Name: Meiwa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\Meiwa\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Users\Meiwa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () ========== Services (SafeList) ========== SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET) DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\prxtbwww0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN177&keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN177&keywords={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/ IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA AC 52 33 64 36 CB 01 [binary data] IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\prxtbwww0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deCH367 IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms} IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{F058D94C-66D9-4CDF-87A6-9A8B74D62F40}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\SearchScopes\{FE7531ED-412E-4674-9B3B-0ECAA50AE6DB}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-204597789-693288687-3208931555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Meiwa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011.12.03 12:08:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.23 17:57:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.12.03 12:08:41 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Meiwa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Meiwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Meiwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Meiwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: SiteAdvisor = C:\Users\Meiwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: Google Mail = C:\Users\Meiwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll () O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\prxtbwww0.dll (Conduit Ltd.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll () O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\prxtbwww0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\Toolbar\WebBrowser: (www.Freeware-download.com Toolbar) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - C:\Program Files (x86)\www.Freeware-download.com\prxtbwww0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-204597789-693288687-3208931555-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-204597789-693288687-3208931555-1000..\Run: [Facebook Update] C:\Users\Meiwa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-204597789-693288687-3208931555-1000..\Run: [SmileboxTray] C:\Users\Meiwa\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Meiwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Meiwa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meiwa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meiwa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7ABFF4B-5473-4560-8871-66D5136056F6}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5b36c1e3-855f-11e1-be5c-0026223ae141}\Shell - "" = AutoRun O33 - MountPoints2\{5b36c1e3-855f-11e1-be5c-0026223ae141}\Shell\AutoRun\command - "" = F:\Launcher.exe O33 - MountPoints2\{7d9044ee-b566-11de-af66-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7d9044ee-b566-11de-af66-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CH-Fahrschule.exe O33 - MountPoints2\{8632d5fd-2c14-11e1-ace8-0026223ae141}\Shell - "" = AutoRun O33 - MountPoints2\{8632d5fd-2c14-11e1-ace8-0026223ae141}\Shell\AutoRun\command - "" = F:\Start.exe O33 - MountPoints2\{b13c9aef-92ac-11e0-bbf8-0026223ae141}\Shell - "" = AutoRun O33 - MountPoints2\{b13c9aef-92ac-11e0-bbf8-0026223ae141}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 17:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012.11.20 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.11.20 04:09:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.20 04:09:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.20 04:08:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.20 04:08:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.20 04:08:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.20 04:08:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.20 04:08:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.20 04:08:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.20 04:08:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.20 04:08:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.20 04:08:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.20 04:08:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.20 04:08:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.20 04:08:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.20 04:08:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.19 18:21:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.19 18:21:12 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.19 18:21:10 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.19 18:21:10 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.19 17:01:55 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.19 17:01:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.19 16:56:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.19 16:56:01 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.19 16:56:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.18 21:16:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.18 21:16:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.18 21:16:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.18 21:16:16 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.18 21:16:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.18 21:16:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.18 19:53:50 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.18 19:53:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.17 10:32:49 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.11.16 06:32:25 | 000,000,000 | ---D | C] -- C:\Users\Meiwa\AppData\Roaming\Malwarebytes [2012.11.16 06:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.16 06:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.16 06:31:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.16 06:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.16 06:19:38 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.11.16 06:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.11.12 21:55:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eeepcfr [2012.11.12 07:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.11.12 06:49:51 | 000,000,000 | ---D | C] -- C:\Users\Meiwa\Documents\Einladungen, Gratulationskarten [2012.11.08 19:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meiwa\Desktop\OTL.exe [2012.10.27 12:21:48 | 000,000,000 | ---D | C] -- C:\Users\Meiwa\AppData\Roaming\OpenCandy [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.20 20:47:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.20 20:40:02 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-204597789-693288687-3208931555-1000UA.job [2012.11.20 19:51:48 | 000,046,023 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2012.11.20 19:41:51 | 000,000,000 | ---- | M] () -- C:\Users\Meiwa\defogger_reenable [2012.11.20 19:40:57 | 000,050,477 | ---- | M] () -- C:\Users\Meiwa\Desktop\Defogger.exe [2012.11.20 19:31:33 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 19:31:33 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 19:23:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.20 19:21:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.20 19:21:09 | 2309,656,576 | -HS- | M] () -- C:\hiberfil.sys [2012.11.20 17:59:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.11.19 19:21:33 | 000,428,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.19 16:48:39 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-204597789-693288687-3208931555-1000Core.job [2012.11.18 21:10:37 | 003,599,110 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.18 21:10:37 | 001,504,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.18 21:10:37 | 000,954,788 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.18 21:10:36 | 001,071,306 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.18 21:10:36 | 000,005,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.17 10:33:56 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat [2012.11.16 06:31:44 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.16 06:19:38 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.11.13 09:09:47 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI [2012.11.12 09:21:41 | 000,515,892 | ---- | M] () -- C:\Program Files\eeepcfr.zip [2012.11.11 19:58:35 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC83C8.FOT [2012.11.11 19:58:35 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp764C8.FOT [2012.11.11 19:58:33 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7AAB8.FOT [2012.11.11 00:51:37 | 000,002,381 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.08 19:54:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meiwa\Desktop\OTL.exe [2012.11.01 09:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job [2012.10.27 17:26:11 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Meiwa.job [2012.10.27 12:22:22 | 000,001,405 | ---- | M] () -- C:\Users\Meiwa\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.27 12:22:22 | 000,001,246 | ---- | M] () -- C:\Users\Meiwa\Desktop\DVDVideoSoft Free Studio.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 19:41:51 | 000,000,000 | ---- | C] () -- C:\Users\Meiwa\defogger_reenable [2012.11.20 19:40:55 | 000,050,477 | ---- | C] () -- C:\Users\Meiwa\Desktop\Defogger.exe [2012.11.20 17:59:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.11.20 17:59:07 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.11.19 18:21:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.19 17:02:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 10:33:56 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat [2012.11.16 06:31:44 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.13 09:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2012.11.12 09:21:40 | 000,515,892 | ---- | C] () -- C:\Program Files\eeepcfr.zip [2012.11.11 19:58:35 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC83C8.FOT [2012.11.11 19:58:35 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp764C8.FOT [2012.11.11 19:58:33 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7AAB8.FOT [2012.10.27 12:22:22 | 000,001,405 | ---- | C] () -- C:\Users\Meiwa\Desktop\Free YouTube to MP3 Converter.lnk [2011.12.06 07:59:39 | 000,141,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.08.26 16:24:02 | 000,002,528 | ---- | C] () -- C:\Users\Meiwa\AppData\Roaming\$_hpcst$.hpc [2011.08.14 13:51:00 | 059,161,664 | ---- | C] () -- C:\Program Files\avira_antivir_personal_de.exe [2011.08.09 16:11:24 | 000,000,290 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.02.02 11:28:40 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\xdelta3.exe [2011.02.02 11:27:04 | 000,269,040 | ---- | C] () -- C:\Windows\SysWow64\GameUpdater.exe [2010.11.02 20:11:16 | 000,004,096 | -H-- | C] () -- C:\Users\Meiwa\AppData\Local\keyfile3.drm [2010.05.30 18:58:42 | 000,007,605 | ---- | C] () -- C:\Users\Meiwa\AppData\Local\Resmon.ResmonCfg [2010.04.17 14:20:46 | 000,000,000 | ---- | C] () -- C:\Users\Meiwa\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.03.21 18:50:36 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\Best Malware Protection [2012.11.20 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.27 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.09.27 20:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.03 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET [2009.11.26 13:56:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FloodLightGames [2012.04.01 09:58:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin [2011.01.25 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011.05.28 19:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Information Factory [2012.10.27 12:21:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2009.11.15 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2010.10.09 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic [2011.10.19 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.11.01 09:51:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smilebox [2010.04.17 14:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.05.01 18:50:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Games Company [2011.05.08 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba [2009.11.03 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Hallo Ja, leider habe ich die 60 Minuten verpasst, um die zweite Auswertung beizufügen. Deshalb folgt diese nun:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 20:43:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 45,58% Memory free
5,73 Gb Paging File | 3,58 Gb Available in Paging File | 62,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 48,33 Gb Free Space | 41,51% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 98,61 Gb Free Space | 84,97% Space Free | Partition Type: NTFS
Computer Name: MEIWA-TOSH | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2753DB-AC27-497B-A983-2BF8CBCF3037}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23BDCD70-0830-48FB-ACBF-8CB11AEF635C}" = rport=138 | protocol=17 | dir=out | app=system |
"{267878F7-1C6D-405F-B66F-2CCEC40E1DF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B220B3C-43CE-40F9-95AF-70BAB1603D2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B5D5DEF-2A79-436E-AE16-FAD24897CA8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2EC3E036-C9D3-4D7C-AC1F-EDB85A85CFFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{333EC540-30F4-4EC7-8FA4-7DD23B0A4D36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B19BCDF-6FAB-4761-913D-C1629FD61E48}" = lport=139 | protocol=6 | dir=in | app=system |
"{46B1C6AD-83B1-4362-B3F4-FF87DCD6C55C}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F160DA5-45B0-4F19-86DD-727C423039D4}" = lport=50890 | protocol=6 | dir=in | name=akamai netsession interface |
"{596F684B-1582-46C8-8B52-B8EEE8F48AB7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6BEA6287-C065-43FC-9728-D06484E8EF26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6EC230CC-FEC1-4C85-B06B-01D4EB265992}" = rport=10243 | protocol=6 | dir=out | app=system |
"{750F88FA-8173-4671-B3AF-40C78A4EBFC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{8235F5B3-40CC-48E1-A835-F7E89E5DC41C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FA52112-8097-4BB7-AD94-9FE11785FE2C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94327299-AE99-4D26-B717-3CF5587D850E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA443012-1A70-450F-8100-222997311FD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABD0613A-89EA-4987-B88A-60CFB70E79F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABE251FA-D9BE-46D9-9BFA-11DA52B7D935}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2CBA0BD-1ECE-4646-BFBC-14B204B0B794}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5A95617-167F-4A6C-B1E8-50A1D07DBED4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C11BAEBB-C131-4515-9232-5A8877D7AD0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C504D4EB-024E-4606-B6EC-AB76066B44DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA17287C-FD61-45B5-9D5C-222070A39528}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D78070FE-32A0-47AF-90C0-9A0D9A6E4F4C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E2D82A5E-F980-4655-82C5-60C58F86A088}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F7524EEF-FE21-48CB-9E06-407607343C86}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024A0752-DBE0-4C00-8989-DA9BF886C53E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C216D27-94D7-4EA0-8E8D-03FC771445AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0FC074D7-2AD0-4948-8B81-D6998BC397D9}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{107C649D-D4C6-45CD-967E-C813457B005B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15C7F68C-5D36-427D-9E0C-BA5D50B3F8A5}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{1DC2EBF0-9E29-44FD-B8EC-2CF3B73DD29F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{273D6E02-D503-4D2A-BFB2-C78707D411EA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2BBA2A17-E37A-46AE-A096-EF7527D5A977}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DCC3AE1-6536-4A90-B4F5-0933EE7CE51D}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{2FB73278-DCD0-46E3-A717-6F9F9328A443}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{3C41E008-0138-4A2C-A1E1-2A4BF31650CC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{420C5EF7-326C-4AB1-BFAA-344ADB3E3C98}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{42304915-FACA-4444-82D7-FD1EB5F53A51}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4CE502AA-5528-431B-AAEA-F1495A8CCFA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D7DF8A4-C54C-4AE3-9687-1A08FAA97D91}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{4FAC35DF-8994-4D4C-A460-33A52B6AFC6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A1E62AC-DBDC-403F-81C1-B80773DE5C56}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{5F7591E5-13CE-4006-9792-BA0A159B53EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{608D629C-AE77-43A6-A923-0AC03F5F2E7D}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{62D9E798-B74F-4254-95CF-4A02E63C79A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{68E5B23C-711F-4942-83B3-A0945D96D92F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{69808B9C-0239-4521-929E-0E8947DFAD4F}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{7B987532-F597-467C-AD27-FA9B069FBE05}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{802F113C-F6A3-4AB7-8769-B8C2EC6DB646}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83305DDE-9698-48C1-BC9B-F9791032F786}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83B27EC3-3F7A-440C-9492-37D403D90375}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9A2A2C34-DBBF-40F5-A7AD-03E4B4AA9E5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B29F0DC-502A-45C8-8801-16598CBAB27C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{A7BBCE80-42ED-4AA8-ACFE-F6253A4D24F7}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{A98E99FA-B944-4503-97EB-CCFC5289022E}" = protocol=6 | dir=in | app=c:\program files (x86)\media verlagsgesellschaft mbh\mofa racer\mofa racer.exe |
"{AAA019AF-19C2-48FA-B3A1-FE7DD3536D4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B060ADF6-4D5A-4264-B10B-EBB03893E8AA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4F5F8A3-6D57-4A37-B52E-43E657E8CD12}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BDDA589E-764C-47F7-AEA5-1EAF0103FAD0}" = protocol=6 | dir=out | app=system |
"{C316B600-6B41-4C18-916A-831CD7DC8CB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C31D0648-A847-4D20-9315-4D3007E6C649}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C79C4EEB-E887-4C3B-8EAB-520D6F02A96B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C801538F-F1E6-48DE-B255-4316AF4B33A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA2443BA-7785-4B01-9C23-71E9B48BF108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0A7A5F2-0735-49B6-85F8-45DD1399BD04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB11B0BB-BFB7-44E2-A9CC-4056B036C890}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{E316870F-B769-49E1-BEB6-7C5E5BA90E72}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{E556F313-5D4A-4B1D-8E36-1244A247C9DA}" = dir=in | app=c:\users\meiwa\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{EF4038E3-B0A9-4234-B7C0-5C38D144C5AD}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F85A0022-81EE-41A7-B699-C83AC06888C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA454CF3-196A-4A90-A363-CF252969437A}" = protocol=17 | dir=in | app=c:\program files (x86)\media verlagsgesellschaft mbh\mofa racer\mofa racer.exe |
"{FCF0ABCF-D293-4954-85E6-281A1634C104}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F791AF0B-640C-430F-B434-6B857908660A}" = ESET Smart Security
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1" = Südtirol (Topo)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{74E69F8A-BCBB-4A0A-9361-32225755D8C3}" = Garmin BaseCamp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"6991-5838-3837-9203" = eTax.zug 2010 nP 10.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ALI" = ALI
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine
"Destruction Madness" = Destruction Madness
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Edgar Torronteras' Extreme Biker" = Edgar Torronteras' Extreme Biker
"ENTERPRISER" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Free YouTube Download_is1" = Free YouTube Download version 2.10.29
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iMesh" = iMesh
"iMesh MediaBar" = MediaBar
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mathematikstunde" = Mathematikstunde
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee SecurityCenter
"NSS" = Norton Security Scan
"NumNumSpiel" = NumNumSpiel
"Searchqu Toolbar" = Searchqu Toolbar
"Shockwave" = Shockwave
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SilentInstall" = SilentInstall
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"ST6UNST #1" = Rechen-Trainer 1.0
"ST6UNST #2" = Rechen-Trainer 1.0 (c:\Lernprogramme\Stefanie\Rechnen\Programme\)
"ST6UNST #3" = Rechen-Trainer 1.0 (c:\Lernprogramme\Stefanie\Rechnen\Programme\) #3
"ST6UNST #4" = Rechen-Trainer 1.0 (c:\Lernprogramme\Stefanie\Rechnen\Programme\) #4
"ST6UNST #5" = Rechen-Trainer 1.0 (c:\Lernprogramme\Stefanie\Rechnen\Programme\) #5
"ST6UNST #6" = MathePower
"ST6UNST #7" = Rechen-Trainer 1.0 (C:\Program Files (x86)\Rechen-Trainer\)
"Tastaturschreiben" = Tastaturschreiben
"Taxi USA" = Taxi USA
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"www.Freeware-download.com Toolbar" = www.Freeware-download.com Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-204597789-693288687-3208931555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Smilebox" = Smilebox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.11.2012 13:32:52 | Computer Name = ***-TOSH | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 19.11.2012 14:22:53 | Computer Name = ***-TOSH | Source = ESENT | ID = 454
Description = Catalog Database (800) Catalog Database: Bei Datenbankwiederherstellung
trat ein unerwarteter Fehler -515 auf.
Error - 19.11.2012 14:22:53 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -515.
Error - 19.11.2012 14:23:18 | Computer Name = ***-TOSH | Source = .NET Runtime Optimization Service | ID = 1107
Description =
Error - 19.11.2012 22:42:23 | Computer Name = ***-TOSH | Source = ESENT | ID = 453
Description = Catalog Database (1184) Catalog Database: Die Datenbank 'C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb'
erfordert die Protokolldateien '722' - '736' (C:\Windows\system32\CatRoot2\edb002D2.log
- C:\Windows\system32\CatRoot2\edb.log) für eine erfolgreiche Wiederherstellung.
Es wurden nur Protokolldateien bis '735' (C:\Windows\system32\CatRoot2\edb002DF.log)
gefunden.
Error - 19.11.2012 22:42:27 | Computer Name = ***-TOSH | Source = ESENT | ID = 454
Description = Catalog Database (1184) Catalog Database: Bei Datenbankwiederherstellung
trat ein unerwarteter Fehler -543 auf.
Error - 19.11.2012 22:42:27 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. "ESENT"-Fehler: -543.
Error - 20.11.2012 11:56:11 | Computer Name = ***-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WMIADAP.EXE, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc789 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x157c Startzeit der fehlerhaften Anwendung: 0x01cdc7378e56f6a3
Pfad
der fehlerhaften Anwendung: \\?\C:\Windows\system32\wbem\WMIADAP.EXE Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: cda3afe6-332a-11e2-b48c-0026223ae141
Error - 20.11.2012 14:46:58 | Computer Name = ***-TOSH | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 20.11.2012 15:41:01 | Computer Name = ***-TOSH | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1040 Startzeit:
01cdc74f7c6512b3 Endzeit: 0 Anwendungspfad: C:\Users\***\Desktop\OTL.exe Berichts-ID:
[ Media Center Events ]
Error - 24.01.2012 05:11:06 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 10:11:02 - Fehler beim Herstellen der Internetverbindung. 10:11:02
- Serververbindung konnte nicht hergestellt werden..
Error - 12.02.2012 09:49:34 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 14:49:34 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 18.02.2012 04:14:58 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:14:58 - Fehler beim Herstellen der Internetverbindung. 09:14:58
- Serververbindung konnte nicht hergestellt werden..
Error - 18.02.2012 04:15:12 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:15:03 - Fehler beim Herstellen der Internetverbindung. 09:15:03
- Serververbindung konnte nicht hergestellt werden..
Error - 22.02.2012 04:10:32 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:10:32 - Fehler beim Herstellen der Internetverbindung. 09:10:32
- Serververbindung konnte nicht hergestellt werden..
Error - 22.02.2012 04:10:42 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:10:37 - Fehler beim Herstellen der Internetverbindung. 09:10:37
- Serververbindung konnte nicht hergestellt werden..
Error - 22.02.2012 05:10:47 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 10:10:47 - Fehler beim Herstellen der Internetverbindung. 10:10:47
- Serververbindung konnte nicht hergestellt werden..
Error - 22.02.2012 05:10:54 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 10:10:52 - Fehler beim Herstellen der Internetverbindung. 10:10:52
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2012 04:51:42 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:51:41 - Fehler beim Herstellen der Internetverbindung. 09:51:41
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2012 04:51:53 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:51:47 - Fehler beim Herstellen der Internetverbindung. 09:51:47
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 11.05.2010 15:20:33 | Computer Name = ***-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 4803 seconds with 1500 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 19.11.2012 22:50:03 | Computer Name = ***-TOSH | Source = DCOM | ID = 10010
Description =
Error - 20.11.2012 11:51:59 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 20.11.2012 11:57:10 | Computer Name = ***-TOSH | Source = DCOM | ID = 10010
Description =
Error - 20.11.2012 11:59:46 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst WerSvc erreicht.
Error - 20.11.2012 12:35:21 | Computer Name = ***-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?11.?2012 um 17:00:34 unerwartet heruntergefahren.
Error - 20.11.2012 12:35:34 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 20.11.2012 12:39:04 | Computer Name = ***-TOSH | Source = DCOM | ID = 10010
Description =
Error - 20.11.2012 12:41:09 | Computer Name = ***-TOSH | Source = DCOM | ID = 10010
Description =
Error - 20.11.2012 14:21:42 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 20.11.2012 14:28:05 | Computer Name = ***-TOSH | Source = DCOM | ID = 10010
Description =
< End of report >
Herzlichen Dank für Eure Hilfe!!! freundliche Grüsse bewa Geändert von bewa (20.11.2012 um 21:04 Uhr) |
| Themen zu Polizei-Trojaner; Schweizerische Eidgenossenschaft |
| 64 bit, adware.hotbar, adware.questscan, adware.seekmo, adware.shoppingreport2, adware.softomate, aufstarten, automatisch, avira antivir, bandoo, eidgenossenschaft, eset smart security, index, install.exe, limited.com/facebook, malwarebytes, ntdll.dll, office 2007, olympus, p2p.imesh, plug-in, polizei-trojaner, programm, pup.mywebsearch, richtlinie, schweizerische eidgenossenschaft, systemreparatur, task-manager, trojan.agent, trojan.bho, trojan.ransom, trojan.spyeyes.gen, trojan.vundo, unerwarteter fehler, usb 2.0, windows, windows 7 |
Baum-Darstellung