Interpol Virus durch E-Mail Anhang

partychick · 21.01.2013, 22:33

Hallöchen,

hier bin ich schon wieder. Ärgert mich selber, dass ich so "dumm" war ^^ Normalerweise öffne ich nicht so schnell irgendso einen Mist, aber indem Fall war die Hand schneller als das Gehirn

In einer E-Mail habe ich einen Anhang geöffnet und hab schon fast gedacht, dass es nichts Gutes ist. WinPatrol bellte und ich gewehrte dem Programm keinen Zugriff, auch die Windows Firewall meldete mir, dass Programme geblockt wurden. Trotzdem kam der Bildschirm mit dem "Interpol-Virus". Ich habe den Laptop herunter gefahren und wieder hoch gefahren. Alles war normal. Noch einmal meldete sich WinPatrol und ich verneinte wieder den Zugriff. Scheinbar ist kein weiterer Schaden entstanden. AntiVir hat nichts gemeldet.

Dennoch möchte ich gerne hier um Hilfe bitten, weil sicherlich noch Reste davon auf dem Laptop sind.

Ich habe als erstes einen Quick Scan mit Malwarebytes durchgeführt.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

21.01.2013 21:50:04
mbam-log-2013-01-21 (21-50-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214766
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Nach der boardinternen Anleitung http://www.trojaner-board.de/69886-a...-beachten.html habe ich defogger und OTL durchgeführt. Bei OTL habe ich diese Einstellungen befolgt: http://www.trojaner-board.de/85104-o...-oldtimer.html

Ich habe beides vom Desktop ausgeführt, alle Programme geschlossen gehabt und Avira Echtzeitscanner deaktiviert.

Hier die Logs:
defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:56 on 21/01/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL:

Code:

ATTFilter

OTL logfile created on: 21.01.2013 21:59:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,24 Gb Available Physical Memory | 78,42% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913,93 Gb Total Space | 863,59 Gb Free Space | 94,49% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{8E61A64B-17B3-45E8-AA64-F9A2A272F96C}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{8E61A64B-17B3-45E8-AA64-F9A2A272F96C}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:5.4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 21:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 21:19:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.30 19:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.15 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\62kt59q4.default\extensions
[2012.12.30 19:45:38 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\62kt59q4.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.12.30 20:21:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\62kt59q4.default\extensions\ich@maltegoetz.de
[2013.01.05 18:43:23 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\62kt59q4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.12.30 20:09:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\62kt59q4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.20 21:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.20 21:19:26 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 22:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.03 23:26:50 | 000,597,071 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  csh.actiondesk.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 15995 more lines...
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1458013422-641338021-464897306-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1458013422-641338021-464897306-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1458013422-641338021-464897306-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{379BDE87-D1BE-4559-84ED-870596FA556A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 21:56:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.21 21:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ryunle
[2013.01.21 21:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Evmya
[2013.01.21 21:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Akofi
[2013.01.21 21:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Ugpvwcfyfwy
[2013.01.20 21:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 17:44:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PokerStars.EU
[2013.01.18 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2013.01.18 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2013.01.16 11:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information
[2013.01.15 21:55:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.01.15 21:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.15 21:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.01.15 20:17:16 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll
[2013.01.15 20:17:16 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\uxtuneup.dll
[2013.01.15 20:12:10 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2013.01.15 20:12:09 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2013.01.15 20:12:09 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2013.01.15 20:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.15 20:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.15 20:10:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.15 20:10:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.15 19:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.15 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013.01.15 19:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.01.15 19:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.15 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.15 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.01.15 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2013.01.15 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.15 19:46:06 | 000,000,000 | ---D | C] -- C:\windows\SHELLNEW
[2013.01.15 19:46:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2013.01.15 19:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.01.15 19:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.15 19:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.15 19:45:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.01.15 19:45:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.15 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013.01.15 19:25:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2013.01.15 19:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.15 19:25:12 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013.01.15 19:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.15 19:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.15 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.15 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.15 19:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.15 19:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.01.15 19:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.01.15 19:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.01.15 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2013.01.15 19:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.15 19:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.15 19:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.15 19:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.15 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.01.11 23:43:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mp3tag
[2013.01.11 23:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013.01.11 23:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.01.11 13:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.11 13:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.11 13:20:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2013.01.11 13:20:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.11 13:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.11 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.11 08:11:17 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.11 08:11:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.11 08:11:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.11 08:11:01 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.11 08:10:57 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.11 08:10:57 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.11 08:10:57 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.11 08:10:57 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.11 08:10:57 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.11 08:10:57 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.11 08:10:57 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.11 08:10:57 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.11 08:10:57 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.11 08:10:57 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.11 08:10:57 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.11 08:10:57 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.11 08:10:57 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.11 08:10:57 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.11 08:10:57 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.11 08:10:57 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.11 08:10:57 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.11 08:10:57 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.11 08:10:57 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.11 08:10:57 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.11 08:10:56 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.11 08:10:56 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.11 08:10:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.11 08:10:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.11 08:10:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.11 08:10:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.11 08:10:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.11 08:10:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.11 08:10:36 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.11 08:10:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.11 08:10:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.11 08:10:36 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.11 08:10:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.11 08:10:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.11 08:10:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.11 08:10:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.11 08:10:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.11 08:10:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.11 08:10:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.11 08:10:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.11 08:10:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.11 08:10:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.11 08:10:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.11 08:10:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.11 08:10:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.11 08:10:22 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.03 22:53:53 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.01.03 22:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.03 22:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013.01.03 22:37:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2013.01.03 22:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013.01.03 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinPatrol
[2013.01.03 22:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013.01.03 22:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013.01.03 22:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.01.03 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2013.01.03 22:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.01.03 22:04:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.03 22:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.03 22:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.03 21:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.03 21:47:42 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.01.03 21:47:42 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.01.03 21:47:30 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.03 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.03 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.03 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.03 18:33:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.01.03 18:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.03 18:31:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.02 20:15:09 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.02 20:01:23 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.01.02 19:52:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012.12.30 22:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.12.30 20:40:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.30 20:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.30 20:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.30 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\yolobartb
[2012.12.30 19:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.12.30 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.12.30 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.12.30 19:50:37 | 000,959,976 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.30 19:50:35 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.30 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.12.30 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.12.30 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.30 19:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.29 21:52:43 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.12.29 21:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.12.29 21:52:10 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012.12.29 21:51:26 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2012.12.29 21:51:26 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2012.12.29 21:51:26 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2012.12.29 21:51:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2012.12.29 21:51:24 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2012.12.29 21:51:24 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2012.12.29 21:47:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2012.12.29 19:43:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 21:56:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.21 21:56:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.21 21:55:38 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 21:52:06 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 21:52:06 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 21:48:11 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.21 21:48:11 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.21 21:48:11 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.21 21:48:11 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.21 21:48:11 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.21 21:43:48 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.01.21 21:43:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.21 21:43:22 | 2115,870,719 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.21 21:01:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 20:57:30 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.18 17:44:39 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2013.01.18 15:45:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.16 10:30:33 | 000,411,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.15 20:03:59 | 000,002,697 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.01.15 20:03:54 | 000,002,795 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk
[2013.01.15 20:03:45 | 000,002,703 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2013.01.15 19:25:40 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.11 23:43:02 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.01.11 10:31:56 | 000,001,077 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.11 10:01:23 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.11 10:01:23 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.03 23:26:50 | 000,597,071 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS
[2013.01.03 22:53:53 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.01.03 22:37:25 | 000,001,050 | ---- | M] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2013.01.03 21:47:23 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.01.03 21:47:23 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013.01.03 21:47:23 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.01.03 21:47:23 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.01.03 21:47:23 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.01.03 21:47:23 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.03 18:33:04 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 20:47:31 | 000,002,535 | ---- | M] () -- C:\Users\***\Desktop\Skype.lnk
[2012.12.30 19:50:19 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.30 19:50:19 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.30 19:05:34 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.29 20:50:15 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.01.21 21:56:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.21 21:55:38 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.18 17:44:39 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2013.01.18 16:56:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.15 20:12:09 | 000,002,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.15 20:03:59 | 000,002,697 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.01.15 20:03:54 | 000,002,795 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk
[2013.01.15 20:03:45 | 000,002,703 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2013.01.15 19:25:40 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:22:53 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.01.11 23:43:02 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.01.11 13:41:31 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.11 10:31:56 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.11 10:31:56 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.03 22:37:25 | 000,001,050 | ---- | C] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2013.01.03 18:33:04 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 20:47:31 | 000,002,535 | ---- | C] () -- C:\Users\***\Desktop\Skype.lnk
[2012.12.30 19:05:34 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.30 19:05:34 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.29 21:52:39 | 000,001,276 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.29 21:52:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.12.29 20:50:15 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.21 20:33:58 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.06.07 02:13:04 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012.06.07 01:58:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.06.07 01:56:23 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.06.07 01:56:23 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.06.07 01:56:23 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012.01.20 12:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012.01.20 12:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.21 21:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Akofi
[2013.01.21 21:38:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Evmya
[2013.01.17 16:19:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2013.01.21 21:38:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ryunle
[2012.12.20 18:20:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2013.01.16 11:31:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information
[2013.01.15 20:16:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.12.20 18:18:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2013.01.03 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinPatrol
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 21.01.2013 21:59:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,24 Gb Available Physical Memory | 78,42% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913,93 Gb Total Space | 863,59 Gb Free Space | 94,49% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1458013422-641338021-464897306-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086728F5-ADD9-4BCD-AD10-42C5EC030461}" = lport=445 | protocol=6 | dir=in | app=system | 
"{185A9376-3701-41A0-8ACE-8683AFA315AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35C4F671-491A-4B60-B61E-03630118BE4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CA19686-130B-4B14-8CCC-B1D1475306AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5616EE1D-1BF1-4C9C-B5AD-1CC4A36ECBC8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5672D0CC-A89A-40B5-B35F-98238E3E9BF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{82F4537B-F4C3-4201-86A0-973D12EC6713}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{89C062F2-F386-4E38-92C5-926859ABDF8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{982D84CC-C5F3-490E-AFB5-E9B6DBA7B4B0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9BC8959E-271E-41D7-9D61-9AA65FB8B29E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9BE54A73-C520-4619-B70E-3A7B3738E750}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A0CF979A-1937-4231-81CF-41A4D19D647D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CD82CFD6-ED62-4D1B-9042-F80E0FBC0EF0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2719E6B-A688-4FC3-9756-84959FBEAE1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FD96F7AD-0E41-47F5-913B-9B827951861A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F1BC3F-A03E-4842-BD98-1D5218F0EF20}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{083C5813-5E83-4014-ACBD-1ABEFCE92A10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{09027CD5-1026-4C46-B668-6E60552B2307}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2796D9AC-2F13-4C04-AC7C-C69343D517F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4E5A398B-3D01-47EC-B580-6CBB2E3C3E0F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F783AFE-BAAD-41BE-A563-1E260EA7F753}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6F93BFDB-30B9-4367-BD78-275B78BD8890}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{79FBC2F9-9BF0-4BFD-A356-057313988AE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7FFBDC1B-254D-4C16-8E41-D6C28B3A0E59}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{889948F5-FF5E-4C6D-B1BF-927BDCB41DA0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9AF02E70-3E26-432A-9815-FEE87AAD95DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A02E32D8-05A9-423D-90DB-2082DB52011C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B33307FD-FD1A-4593-85DF-250AE9D6D5AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9E1393B-FD66-410F-AB5E-900EAE440AB0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BD4A7058-B20C-4524-B1B0-8A9D90D200FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C013A3B0-ABC0-440C-958D-D8303624127C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C80D09EB-8D27-44E6-AE89-C28BC9E80C18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C981C7A2-96FC-4B90-B53C-97FD05F31313}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CBB9300C-B218-4072-9464-F3249A9D8792}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{DCD32CCC-AE79-43B8-8AF4-8FE38077BE87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF2CC932-F1EC-4A65-A647-34D012BA0698}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0BBBA62-07EE-47AF-BC33-44E429FC73D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F1766A19-209D-406E-BA1D-1EC2A7991B02}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FDBF15F9-844E-40B6-A665-4F61EA40FCCA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{26DD2C82-C8DE-4F48-8B6C-17D9268FFC77}C:\users\***\appdata\roaming\evmya\gouqr.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\evmya\gouqr.exe | 
"UDP Query User{3E0439F9-E4B9-4A19-ACF3-B4288EAAE1A0}C:\users\***\appdata\roaming\evmya\gouqr.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\evmya\gouqr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = Premium Sound HD
"{4BC12C41-9B5B-AEF9-0A63-EE2AA19FBFB8}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F856881A-D370-B1A7-2AFF-128F4AA93558}" = AMD Catalyst Install Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AB6726B-2C04-75E6-D30A-AA8C0E26E46A}" = CCC Help Japanese
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1B341C66-33EB-BAF0-6138-38AD1A502527}" = Catalyst Control Center
"{1D74451F-B220-E2E4-7FCD-520AA66F1A85}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FAB6902-546D-9060-D0C8-4B502160AA06}" = CCC Help English
"{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2C14B193-A623-7DAA-9660-BB1EBF870D6B}" = Catalyst Control Center InstallProxy
"{2CC1453B-3385-F6FF-735F-F3BA36758715}" = CCC Help Swedish
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3253D3E5-C08E-E22B-BA99-DE88F520CBB3}" = CCC Help Korean
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D516940-6675-41C1-E3DA-E3D358A7C207}" = CCC Help Italian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM)
"{52B05867-9440-98ED-617B-6C05ACD1E457}" = Catalyst Control Center Graphics Previews Common
"{571F7B9B-96B8-E1B8-E198-0458BF5F80C4}" = CCC Help Hungarian
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7540EB6A-FE9B-4EE2-37D9-A88DC87AA9E6}" = CCC Help Turkish
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{7D263751-40FB-D719-9F42-B62B67553D6F}" = CCC Help Chinese Traditional
"{82EE309C-B63C-1AAA-79AB-8A5E5986B687}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{931991F4-99D4-95A6-1235-EAA599884AC6}" = CCC Help Danish
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{990B884F-569C-5078-DD76-8BE91A569291}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E77F8EF-588E-D11B-697F-5514B97779DF}" = CCC Help Greek
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB34574F-AC24-AAB7-066E-680256DD91E9}" = Catalyst Control Center Localization All
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B740C369-EA8D-2FDB-4265-CB70DD08095D}" = CCC Help Spanish
"{B9818C90-560C-8DC7-E254-38323B9A41EA}" = CCC Help Polish
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD37CF23-3458-BFD1-7583-F8FFC37561F2}" = CCC Help Czech
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF34B28A-4D50-439A-6B6B-13EA41235E43}" = CCC Help German
"{C2471823-76DB-B529-F037-8D02CAC5DE5E}" = CCC Help Dutch
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DAE76FE1-BD65-3251-1B6F-6B519A661A1F}" = CCC Help Finnish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E7809829-3AC8-FBFA-2001-0D9BEBE51386}" = CCC Help Portuguese
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F79997CC-F030-93C6-7882-92DC241D7C07}" = CCC Help Thai
"{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}" = Nero 11 Essentials
"{FE3E16F2-D838-7B5F-A31E-2D55757D18E7}" = CCC Help French
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DomaIQ Uninstaller" = DomaIQ Uninstaller
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"PokerStars.eu" = PokerStars.eu
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 16:00:59 | Computer Name = *** | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 21.01.2013 16:00:59 | Computer Name = *** | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 21.01.2013 16:00:59 | Computer Name = *** | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 21.01.2013 16:01:41 | Computer Name = *** | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 21.01.2013 16:43:45 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18.01.2013 10:31:09 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 18.01.2013 12:00:12 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 18.01.2013 12:05:38 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 18.01.2013 14:58:45 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 20.01.2013 15:56:23 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 21.01.2013 12:19:23 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 21.01.2013 16:00:16 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 21.01.2013 16:43:35 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
 
< End of report >

Benutzername habe ich mit *** unkennbar gemacht.

Liebe Grüße

cosinus · 22.01.2013, 10:55

Hallo,

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

partychick · 22.01.2013, 11:24

Hallo,

habe alles gemacht, wie beschrieben. Das Programm hat aber direkt nichts gefunden. War kein Cleanup nötig.

Log:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]

22.01.2013 11:15:25
mbar-log-2013-01-22 (11-15-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30184
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Noch eine Frage nebenher. War es richtig, dass ich die Scans am Anfang gemacht habe mit Malwarebytes und OTL oder hätte ich das sparen können?

Ich weiß noch, dass die Firewall danach ein Programm namen goql oder so ähnlich blockierte, das hat wohl irgendwas damit zu tun. Weiß leider nicht mehr genau wie das hieß.

Lieben Gruß

cosinus · 22.01.2013, 11:47

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

partychick · 22.01.2013, 12:17

1. aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 11:56:42
-----------------------------
11:56:42.025    OS Version: Windows x64 6.1.7601 Service Pack 1
11:56:42.025    Number of processors: 4 586 0x3A09
11:56:42.025    ComputerName: ***  UserName: ***
11:56:43.492    Initialize success
11:56:51.824    AVAST engine download error: 0
11:57:14.459    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:57:14.475    Disk 0 Vendor: TOSHIBA_ AX00 Size: 953869MB BusType: 3
11:57:14.490    Disk 0 MBR read successfully
11:57:14.506    Disk 0 MBR scan
11:57:14.506    Disk 0 Windows VISTA default MBR code
11:57:14.522    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
11:57:14.537    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       935868 MB offset 3074048
11:57:14.568    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        16500 MB offset 1919731712
11:57:14.615    Disk 0 scanning C:\windows\system32\drivers
11:57:18.687    Service scanning
11:57:40.996    Modules scanning
11:57:40.996    Disk 0 trace - called modules:
11:57:41.027    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
11:57:41.027    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092cc790]
11:57:41.027    3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80092cb050]
11:57:41.043    Scan finished successfully
11:57:49.420    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
11:57:49.420    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

2. TDSS-Killer

Code:

ATTFilter

12:11:09.0155 3164  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:11:09.0171 3164  ============================================================
12:11:09.0171 3164  Current date / time: 2013/01/22 12:11:09.0171
12:11:09.0171 3164  SystemInfo:
12:11:09.0171 3164  
12:11:09.0171 3164  OS Version: 6.1.7601 ServicePack: 1.0
12:11:09.0171 3164  Product type: Workstation
12:11:09.0171 3164  ComputerName: ***
12:11:09.0171 3164  UserName: ***
12:11:09.0171 3164  Windows directory: C:\windows
12:11:09.0171 3164  System windows directory: C:\windows
12:11:09.0171 3164  Running under WOW64
12:11:09.0171 3164  Processor architecture: Intel x64
12:11:09.0171 3164  Number of processors: 4
12:11:09.0171 3164  Page size: 0x1000
12:11:09.0171 3164  Boot type: Normal boot
12:11:09.0171 3164  ============================================================
12:11:09.0545 3164  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:11:09.0561 3164  ============================================================
12:11:09.0561 3164  \Device\Harddisk0\DR0:
12:11:09.0561 3164  MBR partitions:
12:11:09.0561 3164  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x723DE000
12:11:09.0561 3164  ============================================================
12:11:09.0576 3164  C: <-> \Device\Harddisk0\DR0\Partition1
12:11:09.0576 3164  ============================================================
12:11:09.0576 3164  Initialize success
12:11:09.0576 3164  ============================================================
12:11:16.0643 3548  ============================================================
12:11:16.0643 3548  Scan started
12:11:16.0643 3548  Mode: Manual; SigCheck; TDLFS; 
12:11:16.0643 3548  ============================================================
12:11:16.0846 3548  ================ Scan system memory ========================
12:11:16.0846 3548  System memory - ok
12:11:16.0846 3548  ================ Scan services =============================
12:11:17.0236 3548  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
12:11:17.0345 3548  1394ohci - ok
12:11:17.0392 3548  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
12:11:17.0408 3548  ACPI - ok
12:11:17.0454 3548  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
12:11:17.0501 3548  AcpiPmi - ok
12:11:17.0688 3548  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:11:17.0704 3548  AdobeARMservice - ok
12:11:17.0907 3548  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:11:17.0938 3548  AdobeFlashPlayerUpdateSvc - ok
12:11:18.0000 3548  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
12:11:18.0032 3548  adp94xx - ok
12:11:18.0078 3548  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
12:11:18.0094 3548  adpahci - ok
12:11:18.0110 3548  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
12:11:18.0125 3548  adpu320 - ok
12:11:18.0156 3548  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
12:11:18.0234 3548  AeLookupSvc - ok
12:11:18.0266 3548  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
12:11:18.0297 3548  AFD - ok
12:11:18.0328 3548  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
12:11:18.0344 3548  agp440 - ok
12:11:18.0359 3548  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
12:11:18.0406 3548  ALG - ok
12:11:18.0422 3548  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
12:11:18.0453 3548  aliide - ok
12:11:18.0484 3548  [ 2437C0697BA89FC5FCF2ADE491BDC2B3 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
12:11:18.0546 3548  AMD External Events Utility - ok
12:11:18.0578 3548  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
12:11:18.0609 3548  amdide - ok
12:11:18.0624 3548  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
12:11:18.0640 3548  AmdK8 - ok
12:11:18.0858 3548  [ 184F11D8B76FACFE16390C4C47D32B5D ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
12:11:19.0108 3548  amdkmdag - ok
12:11:19.0124 3548  [ 54BC6F0E471033D8B22FB5E5BEA343EE ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
12:11:19.0155 3548  amdkmdap - ok
12:11:19.0202 3548  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
12:11:19.0233 3548  AmdPPM - ok
12:11:19.0248 3548  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
12:11:19.0264 3548  amdsata - ok
12:11:19.0280 3548  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
12:11:19.0295 3548  amdsbs - ok
12:11:19.0295 3548  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
12:11:19.0311 3548  amdxata - ok
12:11:19.0545 3548  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:11:19.0560 3548  AntiVirSchedulerService - ok
12:11:19.0592 3548  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:11:19.0607 3548  AntiVirService - ok
12:11:19.0654 3548  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
12:11:19.0716 3548  AppID - ok
12:11:19.0748 3548  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
12:11:19.0779 3548  AppIDSvc - ok
12:11:19.0794 3548  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
12:11:19.0841 3548  Appinfo - ok
12:11:19.0997 3548  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:11:20.0013 3548  Apple Mobile Device - ok
12:11:20.0060 3548  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
12:11:20.0075 3548  arc - ok
12:11:20.0106 3548  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
12:11:20.0122 3548  arcsas - ok
12:11:20.0122 3548  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
12:11:20.0169 3548  AsyncMac - ok
12:11:20.0184 3548  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
12:11:20.0200 3548  atapi - ok
12:11:20.0278 3548  [ B594EA0B79A9028DAA640A0F0DC41FE6 ] athr            C:\windows\system32\DRIVERS\athrx.sys
12:11:20.0387 3548  athr - ok
12:11:20.0434 3548  [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
12:11:20.0465 3548  AtiHDAudioService - ok
12:11:20.0512 3548  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:11:20.0606 3548  AudioEndpointBuilder - ok
12:11:20.0637 3548  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
12:11:20.0684 3548  AudioSrv - ok
12:11:20.0684 3548  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
12:11:20.0699 3548  avgntflt - ok
12:11:20.0730 3548  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
12:11:20.0730 3548  avipbb - ok
12:11:20.0762 3548  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
12:11:20.0762 3548  avkmgr - ok
12:11:20.0808 3548  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
12:11:20.0855 3548  AxInstSV - ok
12:11:20.0902 3548  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
12:11:20.0949 3548  b06bdrv - ok
12:11:20.0964 3548  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
12:11:21.0011 3548  b57nd60a - ok
12:11:21.0042 3548  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
12:11:21.0074 3548  BDESVC - ok
12:11:21.0105 3548  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
12:11:21.0152 3548  Beep - ok
12:11:21.0230 3548  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
12:11:21.0323 3548  BFE - ok
12:11:21.0354 3548  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
12:11:21.0448 3548  BITS - ok
12:11:21.0479 3548  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
12:11:21.0495 3548  blbdrive - ok
12:11:21.0573 3548  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:11:21.0588 3548  Bonjour Service - ok
12:11:21.0635 3548  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
12:11:21.0666 3548  bowser - ok
12:11:21.0713 3548  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
12:11:21.0744 3548  BrFiltLo - ok
12:11:21.0744 3548  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
12:11:21.0776 3548  BrFiltUp - ok
12:11:21.0885 3548  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
12:11:21.0932 3548  BridgeMP - ok
12:11:21.0978 3548  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
12:11:22.0010 3548  Browser - ok
12:11:22.0010 3548  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
12:11:22.0056 3548  Brserid - ok
12:11:22.0072 3548  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
12:11:22.0103 3548  BrSerWdm - ok
12:11:22.0119 3548  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
12:11:22.0150 3548  BrUsbMdm - ok
12:11:22.0150 3548  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
12:11:22.0181 3548  BrUsbSer - ok
12:11:22.0228 3548  [ D31303617FE09F5F788BC34EB8028FB5 ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
12:11:22.0244 3548  BtFilter - ok
12:11:22.0290 3548  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
12:11:22.0322 3548  BthEnum - ok
12:11:22.0368 3548  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
12:11:22.0400 3548  BTHMODEM - ok
12:11:22.0446 3548  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
12:11:22.0478 3548  BthPan - ok
12:11:22.0540 3548  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
12:11:22.0602 3548  BTHPORT - ok
12:11:22.0649 3548  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
12:11:22.0712 3548  bthserv - ok
12:11:22.0743 3548  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
12:11:22.0774 3548  BTHUSB - ok
12:11:22.0821 3548  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
12:11:22.0899 3548  cdfs - ok
12:11:22.0946 3548  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
12:11:22.0992 3548  cdrom - ok
12:11:23.0024 3548  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
12:11:23.0102 3548  CertPropSvc - ok
12:11:23.0117 3548  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
12:11:23.0148 3548  circlass - ok
12:11:23.0180 3548  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
12:11:23.0195 3548  CLFS - ok
12:11:23.0258 3548  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:11:23.0273 3548  clr_optimization_v2.0.50727_32 - ok
12:11:23.0304 3548  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:11:23.0320 3548  clr_optimization_v2.0.50727_64 - ok
12:11:23.0414 3548  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:11:23.0429 3548  clr_optimization_v4.0.30319_32 - ok
12:11:23.0445 3548  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:11:23.0460 3548  clr_optimization_v4.0.30319_64 - ok
12:11:23.0507 3548  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
12:11:23.0538 3548  CmBatt - ok
12:11:23.0538 3548  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
12:11:23.0554 3548  cmdide - ok
12:11:23.0601 3548  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
12:11:23.0632 3548  CNG - ok
12:11:23.0694 3548  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
12:11:23.0710 3548  Compbatt - ok
12:11:23.0741 3548  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
12:11:23.0772 3548  CompositeBus - ok
12:11:23.0772 3548  COMSysApp - ok
12:11:23.0788 3548  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
12:11:23.0788 3548  crcdisk - ok
12:11:23.0835 3548  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
12:11:23.0866 3548  CryptSvc - ok
12:11:23.0913 3548  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
12:11:23.0991 3548  DcomLaunch - ok
12:11:24.0038 3548  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
12:11:24.0100 3548  defragsvc - ok
12:11:24.0131 3548  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
12:11:24.0178 3548  DfsC - ok
12:11:24.0194 3548  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
12:11:24.0225 3548  Dhcp - ok
12:11:24.0240 3548  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
12:11:24.0272 3548  discache - ok
12:11:24.0318 3548  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
12:11:24.0318 3548  Disk - ok
12:11:24.0350 3548  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
12:11:24.0381 3548  Dnscache - ok
12:11:24.0396 3548  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
12:11:24.0459 3548  dot3svc - ok
12:11:24.0459 3548  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
12:11:24.0506 3548  DPS - ok
12:11:24.0537 3548  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
12:11:24.0568 3548  drmkaud - ok
12:11:24.0599 3548  [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
12:11:24.0615 3548  DXGKrnl - ok
12:11:24.0646 3548  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
12:11:24.0708 3548  EapHost - ok
12:11:24.0786 3548  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
12:11:24.0880 3548  ebdrv - ok
12:11:24.0911 3548  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
12:11:24.0958 3548  EFS - ok
12:11:25.0005 3548  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
12:11:25.0036 3548  elxstor - ok
12:11:25.0036 3548  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
12:11:25.0052 3548  ErrDev - ok
12:11:25.0098 3548  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
12:11:25.0145 3548  EventSystem - ok
12:11:25.0161 3548  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
12:11:25.0208 3548  exfat - ok
12:11:25.0208 3548  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
12:11:25.0239 3548  fastfat - ok
12:11:25.0286 3548  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
12:11:25.0348 3548  Fax - ok
12:11:25.0379 3548  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
12:11:25.0426 3548  fdc - ok
12:11:25.0473 3548  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
12:11:25.0535 3548  fdPHost - ok
12:11:25.0535 3548  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
12:11:25.0566 3548  FDResPub - ok
12:11:25.0582 3548  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
12:11:25.0582 3548  FileInfo - ok
12:11:25.0598 3548  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
12:11:25.0660 3548  Filetrace - ok
12:11:25.0676 3548  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
12:11:25.0676 3548  flpydisk - ok
12:11:25.0707 3548  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
12:11:25.0722 3548  FltMgr - ok
12:11:25.0785 3548  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
12:11:25.0832 3548  FontCache - ok
12:11:25.0863 3548  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:11:25.0863 3548  FontCache3.0.0.0 - ok
12:11:25.0894 3548  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
12:11:25.0894 3548  FsDepends - ok
12:11:25.0925 3548  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
12:11:25.0941 3548  Fs_Rec - ok
12:11:25.0972 3548  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
12:11:25.0988 3548  fvevol - ok
12:11:26.0019 3548  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
12:11:26.0034 3548  gagp30kx - ok
12:11:26.0066 3548  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
12:11:26.0081 3548  GEARAspiWDM - ok
12:11:26.0159 3548  [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv        C:\Windows\System32\GFNEXSrv.exe
12:11:26.0190 3548  GFNEXSrv - ok
12:11:26.0222 3548  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
12:11:26.0284 3548  gpsvc - ok
12:11:26.0346 3548  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
12:11:26.0362 3548  hcw85cir - ok
12:11:26.0393 3548  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:11:26.0424 3548  HdAudAddService - ok
12:11:26.0456 3548  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
12:11:26.0471 3548  HDAudBus - ok
12:11:26.0502 3548  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
12:11:26.0534 3548  HidBatt - ok
12:11:26.0534 3548  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
12:11:26.0565 3548  HidBth - ok
12:11:26.0580 3548  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
12:11:26.0596 3548  HidIr - ok
12:11:26.0612 3548  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
12:11:26.0658 3548  hidserv - ok
12:11:26.0690 3548  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
12:11:26.0705 3548  HidUsb - ok
12:11:26.0752 3548  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
12:11:26.0814 3548  hkmsvc - ok
12:11:26.0830 3548  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:11:26.0877 3548  HomeGroupListener - ok
12:11:26.0908 3548  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:11:26.0924 3548  HomeGroupProvider - ok
12:11:26.0970 3548  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
12:11:26.0986 3548  HpSAMD - ok
12:11:27.0017 3548  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
12:11:27.0064 3548  HTTP - ok
12:11:27.0064 3548  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
12:11:27.0080 3548  hwpolicy - ok
12:11:27.0095 3548  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
12:11:27.0095 3548  i8042prt - ok
12:11:27.0142 3548  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
12:11:27.0158 3548  iaStor - ok
12:11:27.0204 3548  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
12:11:27.0236 3548  iaStorV - ok
12:11:27.0298 3548  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:11:27.0345 3548  idsvc - ok
12:11:27.0376 3548  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
12:11:27.0392 3548  iirsp - ok
12:11:27.0423 3548  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
12:11:27.0516 3548  IKEEXT - ok
12:11:27.0641 3548  [ 7C49C45A86CC0CD59C36701FB2A91E77 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
12:11:27.0672 3548  IntcAzAudAddService - ok
12:11:27.0750 3548  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
12:11:27.0782 3548  Intel(R) Capability Licensing Service Interface - ok
12:11:27.0813 3548  [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
12:11:27.0828 3548  Intel(R) ME Service - ok
12:11:27.0891 3548  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
12:11:27.0906 3548  intelide - ok
12:11:27.0922 3548  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
12:11:27.0938 3548  intelppm - ok
12:11:27.0969 3548  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
12:11:28.0031 3548  IPBusEnum - ok
12:11:28.0047 3548  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
12:11:28.0078 3548  IpFilterDriver - ok
12:11:28.0125 3548  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
12:11:28.0156 3548  iphlpsvc - ok
12:11:28.0187 3548  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
12:11:28.0218 3548  IPMIDRV - ok
12:11:28.0218 3548  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
12:11:28.0265 3548  IPNAT - ok
12:11:28.0359 3548  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:11:28.0390 3548  iPod Service - ok
12:11:28.0421 3548  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
12:11:28.0452 3548  IRENUM - ok
12:11:28.0468 3548  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
12:11:28.0468 3548  isapnp - ok
12:11:28.0484 3548  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
12:11:28.0499 3548  iScsiPrt - ok
12:11:28.0546 3548  [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs        C:\windows\system32\DRIVERS\iusb3hcs.sys
12:11:28.0546 3548  iusb3hcs - ok
12:11:28.0562 3548  [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub        C:\windows\system32\DRIVERS\iusb3hub.sys
12:11:28.0577 3548  iusb3hub - ok
12:11:28.0608 3548  [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc        C:\windows\system32\DRIVERS\iusb3xhc.sys
12:11:28.0624 3548  iusb3xhc - ok
12:11:28.0671 3548  [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
12:11:28.0686 3548  jhi_service - ok
12:11:28.0718 3548  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
12:11:28.0733 3548  kbdclass - ok
12:11:28.0733 3548  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
12:11:28.0764 3548  kbdhid - ok
12:11:28.0796 3548  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
12:11:28.0811 3548  KeyIso - ok
12:11:28.0842 3548  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
12:11:28.0842 3548  KSecDD - ok
12:11:28.0874 3548  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
12:11:28.0889 3548  KSecPkg - ok
12:11:28.0905 3548  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
12:11:28.0952 3548  ksthunk - ok
12:11:28.0983 3548  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
12:11:29.0061 3548  KtmRm - ok
12:11:29.0123 3548  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
12:11:29.0201 3548  LanmanServer - ok
12:11:29.0217 3548  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:11:29.0248 3548  LanmanWorkstation - ok
12:11:29.0279 3548  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
12:11:29.0310 3548  lltdio - ok
12:11:29.0326 3548  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
12:11:29.0373 3548  lltdsvc - ok
12:11:29.0404 3548  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
12:11:29.0466 3548  lmhosts - ok
12:11:29.0513 3548  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:11:29.0513 3548  LMS - ok
12:11:29.0560 3548  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
12:11:29.0591 3548  LSI_FC - ok
12:11:29.0591 3548  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
12:11:29.0607 3548  LSI_SAS - ok
12:11:29.0607 3548  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
12:11:29.0622 3548  LSI_SAS2 - ok
12:11:29.0638 3548  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
12:11:29.0654 3548  LSI_SCSI - ok
12:11:29.0654 3548  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
12:11:29.0685 3548  luafv - ok
12:11:29.0700 3548  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
12:11:29.0700 3548  megasas - ok
12:11:29.0732 3548  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
12:11:29.0732 3548  MegaSR - ok
12:11:29.0778 3548  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
12:11:29.0778 3548  MEIx64 - ok
12:11:29.0997 3548  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:11:30.0012 3548  Microsoft Office Groove Audit Service - ok
12:11:30.0059 3548  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
12:11:30.0122 3548  MMCSS - ok
12:11:30.0153 3548  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
12:11:30.0184 3548  Modem - ok
12:11:30.0184 3548  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
12:11:30.0200 3548  monitor - ok
12:11:30.0231 3548  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
12:11:30.0231 3548  mouclass - ok
12:11:30.0246 3548  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
12:11:30.0262 3548  mouhid - ok
12:11:30.0293 3548  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
12:11:30.0309 3548  mountmgr - ok
12:11:30.0356 3548  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:11:30.0371 3548  MozillaMaintenance - ok
12:11:30.0371 3548  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
12:11:30.0387 3548  mpio - ok
12:11:30.0418 3548  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
12:11:30.0434 3548  mpsdrv - ok
12:11:30.0480 3548  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
12:11:30.0543 3548  MpsSvc - ok
12:11:30.0543 3548  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
12:11:30.0574 3548  MRxDAV - ok
12:11:30.0590 3548  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
12:11:30.0605 3548  mrxsmb - ok
12:11:30.0636 3548  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
12:11:30.0652 3548  mrxsmb10 - ok
12:11:30.0668 3548  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
12:11:30.0699 3548  mrxsmb20 - ok
12:11:30.0699 3548  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
12:11:30.0699 3548  msahci - ok
12:11:30.0714 3548  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
12:11:30.0714 3548  msdsm - ok
12:11:30.0746 3548  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
12:11:30.0777 3548  MSDTC - ok
12:11:30.0777 3548  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
12:11:30.0808 3548  Msfs - ok
12:11:30.0824 3548  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
12:11:30.0870 3548  mshidkmdf - ok
12:11:30.0870 3548  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
12:11:30.0886 3548  msisadrv - ok
12:11:30.0917 3548  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
12:11:30.0948 3548  MSiSCSI - ok
12:11:30.0948 3548  msiserver - ok
12:11:30.0964 3548  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
12:11:30.0995 3548  MSKSSRV - ok
12:11:31.0011 3548  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
12:11:31.0042 3548  MSPCLOCK - ok
12:11:31.0042 3548  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
12:11:31.0073 3548  MSPQM - ok
12:11:31.0089 3548  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
12:11:31.0089 3548  MsRPC - ok
12:11:31.0089 3548  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
12:11:31.0104 3548  mssmbios - ok
12:11:31.0104 3548  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
12:11:31.0136 3548  MSTEE - ok
12:11:31.0136 3548  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
12:11:31.0151 3548  MTConfig - ok
12:11:31.0151 3548  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
12:11:31.0151 3548  Mup - ok
12:11:31.0182 3548  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
12:11:31.0229 3548  napagent - ok
12:11:31.0276 3548  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
12:11:31.0307 3548  NativeWifiP - ok
12:11:31.0385 3548  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
12:11:31.0416 3548  NAUpdate - ok
12:11:31.0448 3548  [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol           C:\windows\system32\DRIVERS\NBVol.sys
12:11:31.0463 3548  NBVol - ok
12:11:31.0479 3548  [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp         C:\windows\system32\DRIVERS\NBVolUp.sys
12:11:31.0494 3548  NBVolUp - ok
12:11:31.0557 3548  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
12:11:31.0588 3548  NDIS - ok
12:11:31.0635 3548  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
12:11:31.0697 3548  NdisCap - ok
12:11:31.0713 3548  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
12:11:31.0728 3548  NdisTapi - ok
12:11:31.0744 3548  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
12:11:31.0775 3548  Ndisuio - ok
12:11:31.0775 3548  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
12:11:31.0806 3548  NdisWan - ok
12:11:31.0822 3548  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
12:11:31.0853 3548  NDProxy - ok
12:11:31.0884 3548  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
12:11:31.0916 3548  NetBIOS - ok
12:11:31.0931 3548  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
12:11:31.0962 3548  NetBT - ok
12:11:31.0994 3548  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
12:11:32.0009 3548  Netlogon - ok
12:11:32.0072 3548  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
12:11:32.0134 3548  Netman - ok
12:11:32.0134 3548  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
12:11:32.0196 3548  netprofm - ok
12:11:32.0228 3548  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:11:32.0243 3548  NetTcpPortSharing - ok
12:11:32.0274 3548  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
12:11:32.0290 3548  nfrd960 - ok
12:11:32.0306 3548  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
12:11:32.0321 3548  NlaSvc - ok
12:11:32.0337 3548  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
12:11:32.0352 3548  Npfs - ok
12:11:32.0384 3548  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
12:11:32.0430 3548  nsi - ok
12:11:32.0446 3548  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
12:11:32.0477 3548  nsiproxy - ok
12:11:32.0540 3548  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
12:11:32.0602 3548  Ntfs - ok
12:11:32.0633 3548  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
12:11:32.0680 3548  Null - ok
12:11:32.0696 3548  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
12:11:32.0696 3548  nvraid - ok
12:11:32.0711 3548  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
12:11:32.0711 3548  nvstor - ok
12:11:32.0727 3548  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
12:11:32.0727 3548  nv_agp - ok
12:11:32.0883 3548  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:11:32.0930 3548  odserv - ok
12:11:32.0961 3548  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
12:11:32.0992 3548  ohci1394 - ok
12:11:33.0086 3548  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:11:33.0101 3548  ose - ok
12:11:33.0164 3548  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
12:11:33.0195 3548  p2pimsvc - ok
12:11:33.0226 3548  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
12:11:33.0257 3548  p2psvc - ok
12:11:33.0288 3548  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
12:11:33.0320 3548  Parport - ok
12:11:33.0366 3548  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
12:11:33.0382 3548  partmgr - ok
12:11:33.0398 3548  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
12:11:33.0444 3548  PcaSvc - ok
12:11:33.0476 3548  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
12:11:33.0491 3548  pci - ok
12:11:33.0491 3548  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
12:11:33.0507 3548  pciide - ok
12:11:33.0522 3548  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
12:11:33.0522 3548  pcmcia - ok
12:11:33.0538 3548  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
12:11:33.0538 3548  pcw - ok
12:11:33.0554 3548  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
12:11:33.0600 3548  PEAUTH - ok
12:11:33.0663 3548  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
12:11:33.0694 3548  PerfHost - ok
12:11:33.0756 3548  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
12:11:33.0772 3548  PGEffect - ok
12:11:33.0819 3548  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
12:11:33.0897 3548  pla - ok
12:11:33.0959 3548  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
12:11:33.0990 3548  PlugPlay - ok
12:11:34.0022 3548  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
12:11:34.0053 3548  PNRPAutoReg - ok
12:11:34.0084 3548  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
12:11:34.0100 3548  PNRPsvc - ok
12:11:34.0131 3548  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
12:11:34.0162 3548  PolicyAgent - ok
12:11:34.0209 3548  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
12:11:34.0240 3548  Power - ok
12:11:34.0271 3548  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
12:11:34.0334 3548  PptpMiniport - ok
12:11:34.0334 3548  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
12:11:34.0365 3548  Processor - ok
12:11:34.0396 3548  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
12:11:34.0427 3548  ProfSvc - ok
12:11:34.0443 3548  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
12:11:34.0458 3548  ProtectedStorage - ok
12:11:34.0490 3548  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
12:11:34.0536 3548  Psched - ok
12:11:34.0583 3548  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
12:11:34.0599 3548  PSI - ok
12:11:34.0646 3548  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
12:11:34.0708 3548  ql2300 - ok
12:11:34.0724 3548  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
12:11:34.0739 3548  ql40xx - ok
12:11:34.0755 3548  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
12:11:34.0770 3548  QWAVE - ok
12:11:34.0786 3548  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
12:11:34.0802 3548  QWAVEdrv - ok
12:11:34.0802 3548  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
12:11:34.0848 3548  RasAcd - ok
12:11:34.0880 3548  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
12:11:34.0942 3548  RasAgileVpn - ok
12:11:34.0989 3548  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
12:11:35.0051 3548  RasAuto - ok
12:11:35.0067 3548  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
12:11:35.0098 3548  Rasl2tp - ok
12:11:35.0129 3548  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
12:11:35.0192 3548  RasMan - ok
12:11:35.0223 3548  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
12:11:35.0270 3548  RasPppoe - ok
12:11:35.0270 3548  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
12:11:35.0301 3548  RasSstp - ok
12:11:35.0332 3548  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
12:11:35.0394 3548  rdbss - ok
12:11:35.0394 3548  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
12:11:35.0426 3548  rdpbus - ok
12:11:35.0441 3548  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
12:11:35.0472 3548  RDPCDD - ok
12:11:35.0472 3548  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
12:11:35.0488 3548  RDPENCDD - ok
12:11:35.0488 3548  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
12:11:35.0519 3548  RDPREFMP - ok
12:11:35.0566 3548  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
12:11:35.0597 3548  RdpVideoMiniport - ok
12:11:35.0628 3548  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
12:11:35.0675 3548  RDPWD - ok
12:11:35.0722 3548  [ A115F49BEA840A5F049BC6310F35F776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
12:11:35.0738 3548  rdyboost - ok
12:11:35.0769 3548  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
12:11:35.0847 3548  RemoteAccess - ok
12:11:35.0878 3548  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
12:11:35.0940 3548  RemoteRegistry - ok
12:11:35.0987 3548  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
12:11:36.0018 3548  RFCOMM - ok
12:11:36.0034 3548  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
12:11:36.0065 3548  RpcEptMapper - ok
12:11:36.0096 3548  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
12:11:36.0096 3548  RpcLocator - ok
12:11:36.0112 3548  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
12:11:36.0143 3548  RpcSs - ok
12:11:36.0190 3548  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
12:11:36.0237 3548  rspndr - ok
12:11:36.0362 3548  [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
12:11:36.0377 3548  RSUSBSTOR - ok
12:11:36.0440 3548  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
12:11:36.0486 3548  RTL8167 - ok
12:11:36.0502 3548  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
12:11:36.0533 3548  SamSs - ok
12:11:36.0549 3548  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
12:11:36.0564 3548  sbp2port - ok
12:11:36.0596 3548  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
12:11:36.0674 3548  SCardSvr - ok
12:11:36.0674 3548  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
12:11:36.0720 3548  scfilter - ok
12:11:36.0752 3548  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
12:11:36.0814 3548  Schedule - ok
12:11:36.0845 3548  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
12:11:36.0876 3548  SCPolicySvc - ok
12:11:36.0892 3548  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
12:11:36.0923 3548  SDRSVC - ok
12:11:36.0970 3548  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
12:11:37.0017 3548  secdrv - ok
12:11:37.0032 3548  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
12:11:37.0048 3548  seclogon - ok
12:11:37.0188 3548  [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
12:11:37.0235 3548  Secunia PSI Agent - ok
12:11:37.0313 3548  [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
12:11:37.0344 3548  Secunia Update Agent - ok
12:11:37.0376 3548  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
12:11:37.0438 3548  SENS - ok
12:11:37.0454 3548  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
12:11:37.0485 3548  SensrSvc - ok
12:11:37.0516 3548  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
12:11:37.0547 3548  Serenum - ok
12:11:37.0563 3548  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
12:11:37.0594 3548  Serial - ok
12:11:37.0610 3548  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
12:11:37.0641 3548  sermouse - ok
12:11:37.0688 3548  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
12:11:37.0734 3548  SessionEnv - ok
12:11:37.0750 3548  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
12:11:37.0766 3548  sffdisk - ok
12:11:37.0797 3548  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
12:11:37.0812 3548  sffp_mmc - ok
12:11:37.0812 3548  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
12:11:37.0844 3548  sffp_sd - ok
12:11:37.0844 3548  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
12:11:37.0859 3548  sfloppy - ok
12:11:37.0890 3548  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
12:11:37.0906 3548  SharedAccess - ok
12:11:37.0937 3548  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:11:37.0984 3548  ShellHWDetection - ok
12:11:38.0000 3548  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
12:11:38.0015 3548  SiSRaid2 - ok
12:11:38.0031 3548  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
12:11:38.0031 3548  SiSRaid4 - ok
12:11:38.0093 3548  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:11:38.0109 3548  SkypeUpdate - ok
12:11:38.0156 3548  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
12:11:38.0187 3548  Smb - ok
12:11:38.0218 3548  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
12:11:38.0249 3548  SNMPTRAP - ok
12:11:38.0280 3548  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
12:11:38.0296 3548  spldr - ok
12:11:38.0343 3548  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
12:11:38.0374 3548  Spooler - ok
12:11:38.0468 3548  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
12:11:38.0577 3548  sppsvc - ok
12:11:38.0577 3548  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
12:11:38.0624 3548  sppuinotify - ok
12:11:38.0655 3548  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
12:11:38.0670 3548  srv - ok
12:11:38.0670 3548  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
12:11:38.0702 3548  srv2 - ok
12:11:38.0702 3548  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
12:11:38.0717 3548  srvnet - ok
12:11:38.0764 3548  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
12:11:38.0826 3548  SSDPSRV - ok
12:11:38.0842 3548  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
12:11:38.0873 3548  SstpSvc - ok
12:11:38.0904 3548  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
12:11:38.0920 3548  stexstor - ok
12:11:38.0951 3548  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
12:11:38.0982 3548  stisvc - ok
12:11:38.0982 3548  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
12:11:38.0998 3548  swenum - ok
12:11:39.0029 3548  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
12:11:39.0060 3548  swprv - ok
12:11:39.0123 3548  [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
12:11:39.0154 3548  SynTP - ok
12:11:39.0201 3548  [ 7BE4CDEA6BC7832BFE3112A350D8B9EA ] SysMain         C:\windows\system32\sysmain.dll
12:11:39.0263 3548  SysMain - ok
12:11:39.0279 3548  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
12:11:39.0294 3548  TabletInputService - ok
12:11:39.0310 3548  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
12:11:39.0357 3548  TapiSrv - ok
12:11:39.0372 3548  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
12:11:39.0388 3548  TBS - ok
12:11:39.0482 3548  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
12:11:39.0544 3548  Tcpip - ok
12:11:39.0591 3548  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
12:11:39.0622 3548  TCPIP6 - ok
12:11:39.0638 3548  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
12:11:39.0653 3548  tcpipreg - ok
12:11:39.0700 3548  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
12:11:39.0716 3548  tdcmdpst - ok
12:11:39.0762 3548  TDEIO - ok
12:11:39.0809 3548  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
12:11:39.0825 3548  TDPIPE - ok
12:11:39.0825 3548  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
12:11:39.0840 3548  TDTCP - ok
12:11:39.0856 3548  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
12:11:39.0903 3548  tdx - ok
12:11:39.0965 3548  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
12:11:39.0981 3548  TemproMonitoringService - ok
12:11:40.0012 3548  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
12:11:40.0012 3548  TermDD - ok
12:11:40.0043 3548  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
12:11:40.0121 3548  TermService - ok
12:11:40.0121 3548  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
12:11:40.0152 3548  Themes - ok
12:11:40.0168 3548  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
12:11:40.0199 3548  THREADORDER - ok
12:11:40.0277 3548  [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:11:40.0293 3548  TMachInfo - ok
12:11:40.0324 3548  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\windows\system32\TODDSrv.exe
12:11:40.0340 3548  TODDSrv - ok
12:11:40.0480 3548  [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:11:40.0496 3548  TosCoSrv - ok
12:11:40.0636 3548  [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
12:11:40.0652 3548  TOSHIBA Bluetooth Service - ok
12:11:40.0714 3548  [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
12:11:40.0745 3548  TOSHIBA eco Utility Service - ok
12:11:40.0823 3548  [ 9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:11:40.0839 3548  TOSHIBA HDD SSD Alert Service - ok
12:11:40.0870 3548  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\windows\system32\DRIVERS\tosporte.sys
12:11:40.0886 3548  tosporte - ok
12:11:40.0917 3548  [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd         C:\windows\system32\DRIVERS\tosrfbd.sys
12:11:40.0932 3548  tosrfbd - ok
12:11:40.0964 3548  [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp        C:\windows\system32\Drivers\tosrfbnp.sys
12:11:40.0979 3548  tosrfbnp - ok
12:11:41.0026 3548  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\windows\system32\Drivers\tosrfcom.sys
12:11:41.0042 3548  Tosrfcom - ok
12:11:41.0073 3548  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
12:11:41.0088 3548  tosrfec - ok
12:11:41.0104 3548  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\windows\system32\DRIVERS\Tosrfhid.sys
12:11:41.0120 3548  Tosrfhid - ok
12:11:41.0151 3548  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\windows\system32\DRIVERS\tosrfnds.sys
12:11:41.0151 3548  tosrfnds - ok
12:11:41.0198 3548  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\windows\system32\drivers\tosrfsnd.sys
12:11:41.0213 3548  TosRfSnd - ok
12:11:41.0260 3548  [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb        C:\windows\system32\DRIVERS\tosrfusb.sys
12:11:41.0276 3548  Tosrfusb - ok
12:11:41.0338 3548  [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
12:11:41.0385 3548  TPCHSrv - ok
12:11:41.0432 3548  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
12:11:41.0494 3548  TrkWks - ok
12:11:41.0525 3548  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:11:41.0556 3548  TrustedInstaller - ok
12:11:41.0572 3548  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
12:11:41.0603 3548  tssecsrv - ok
12:11:41.0634 3548  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
12:11:41.0650 3548  TsUsbFlt - ok
12:11:41.0650 3548  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
12:11:41.0681 3548  TsUsbGD - ok
12:11:41.0853 3548  [ E8985332F611F56ADBCFF987E7D67D51 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
12:11:41.0931 3548  TuneUp.UtilitiesSvc - ok
12:11:41.0946 3548  [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
12:11:41.0962 3548  TuneUpUtilitiesDrv - ok
12:11:42.0024 3548  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
12:11:42.0087 3548  tunnel - ok
12:11:42.0118 3548  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:11:42.0134 3548  TVALZ - ok
12:11:42.0180 3548  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
12:11:42.0196 3548  TVALZFL - ok
12:11:42.0227 3548  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
12:11:42.0258 3548  uagp35 - ok
12:11:42.0258 3548  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
12:11:42.0290 3548  udfs - ok
12:11:42.0321 3548  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
12:11:42.0352 3548  UI0Detect - ok
12:11:42.0399 3548  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
12:11:42.0414 3548  uliagpkx - ok
12:11:42.0430 3548  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
12:11:42.0461 3548  umbus - ok
12:11:42.0477 3548  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
12:11:42.0492 3548  UmPass - ok
12:11:42.0602 3548  [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:11:42.0633 3548  UNS - ok
12:11:42.0648 3548  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
12:11:42.0711 3548  upnphost - ok
12:11:42.0758 3548  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
12:11:42.0804 3548  USBAAPL64 - ok
12:11:42.0836 3548  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
12:11:42.0867 3548  usbccgp - ok
12:11:42.0882 3548  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
12:11:42.0914 3548  usbcir - ok
12:11:42.0914 3548  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
12:11:42.0929 3548  usbehci - ok
12:11:42.0960 3548  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
12:11:42.0992 3548  usbhub - ok
12:11:43.0007 3548  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
12:11:43.0023 3548  usbohci - ok
12:11:43.0038 3548  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
12:11:43.0070 3548  usbprint - ok
12:11:43.0070 3548  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
12:11:43.0101 3548  USBSTOR - ok
12:11:43.0116 3548  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
12:11:43.0132 3548  usbuhci - ok
12:11:43.0163 3548  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
12:11:43.0179 3548  usbvideo - ok
12:11:43.0210 3548  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
12:11:43.0241 3548  UxSms - ok
12:11:43.0272 3548  [ 0089C14DFBBEB6B3A22BE14A44A4CE1F ] UxTuneUp        C:\windows\System32\uxtuneup.dll
12:11:43.0288 3548  UxTuneUp - ok
12:11:43.0335 3548  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
12:11:43.0366 3548  VaultSvc - ok
12:11:43.0413 3548  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
12:11:43.0428 3548  vdrvroot - ok
12:11:43.0460 3548  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
12:11:43.0506 3548  vds - ok
12:11:43.0522 3548  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
12:11:43.0538 3548  vga - ok
12:11:43.0538 3548  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
12:11:43.0569 3548  VgaSave - ok
12:11:43.0584 3548  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
12:11:43.0584 3548  vhdmp - ok
12:11:43.0600 3548  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
12:11:43.0616 3548  viaide - ok
12:11:43.0631 3548  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
12:11:43.0631 3548  volmgr - ok
12:11:43.0647 3548  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
12:11:43.0662 3548  volmgrx - ok
12:11:43.0678 3548  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
12:11:43.0678 3548  volsnap - ok
12:11:43.0694 3548  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
12:11:43.0709 3548  vsmraid - ok
12:11:43.0756 3548  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
12:11:43.0818 3548  VSS - ok
12:11:43.0850 3548  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
12:11:43.0881 3548  vwifibus - ok
12:11:43.0881 3548  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
12:11:43.0912 3548  vwififlt - ok
12:11:43.0943 3548  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
12:11:44.0021 3548  W32Time - ok
12:11:44.0052 3548  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
12:11:44.0084 3548  WacomPen - ok
12:11:44.0099 3548  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
12:11:44.0130 3548  WANARP - ok
12:11:44.0146 3548  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
12:11:44.0162 3548  Wanarpv6 - ok
12:11:44.0224 3548  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
12:11:44.0286 3548  wbengine - ok
12:11:44.0286 3548  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
12:11:44.0318 3548  WbioSrvc - ok
12:11:44.0333 3548  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
12:11:44.0349 3548  wcncsvc - ok
12:11:44.0349 3548  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:11:44.0364 3548  WcsPlugInService - ok
12:11:44.0396 3548  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
12:11:44.0411 3548  Wd - ok
12:11:44.0474 3548  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
12:11:44.0520 3548  Wdf01000 - ok
12:11:44.0536 3548  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
12:11:44.0552 3548  WdiServiceHost - ok
12:11:44.0552 3548  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
12:11:44.0567 3548  WdiSystemHost - ok
12:11:44.0598 3548  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
12:11:44.0645 3548  WebClient - ok
12:11:44.0661 3548  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
12:11:44.0692 3548  Wecsvc - ok
12:11:44.0692 3548  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
12:11:44.0723 3548  wercplsupport - ok
12:11:44.0754 3548  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
12:11:44.0801 3548  WerSvc - ok
12:11:44.0848 3548  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
12:11:44.0895 3548  WfpLwf - ok
12:11:44.0895 3548  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
12:11:44.0910 3548  WIMMount - ok
12:11:44.0926 3548  WinDefend - ok
12:11:44.0926 3548  WinHttpAutoProxySvc - ok
12:11:44.0973 3548  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
12:11:45.0020 3548  Winmgmt - ok
12:11:45.0082 3548  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
12:11:45.0160 3548  WinRM - ok
12:11:45.0238 3548  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
12:11:45.0285 3548  WinUsb - ok
12:11:45.0332 3548  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
12:11:45.0394 3548  Wlansvc - ok
12:11:45.0519 3548  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:11:45.0581 3548  wlidsvc - ok
12:11:45.0644 3548  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
12:11:45.0659 3548  WmiAcpi - ok
12:11:45.0706 3548  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
12:11:45.0722 3548  wmiApSrv - ok
12:11:45.0753 3548  WMPNetworkSvc - ok
12:11:45.0768 3548  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
12:11:45.0784 3548  WPCSvc - ok
12:11:45.0784 3548  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
12:11:45.0815 3548  WPDBusEnum - ok
12:11:45.0846 3548  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
12:11:45.0878 3548  ws2ifsl - ok
12:11:45.0893 3548  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
12:11:45.0909 3548  wscsvc - ok
12:11:45.0909 3548  WSearch - ok
12:11:45.0987 3548  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
12:11:46.0080 3548  wuauserv - ok
12:11:46.0112 3548  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
12:11:46.0127 3548  WudfPf - ok
12:11:46.0158 3548  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
12:11:46.0190 3548  WUDFRd - ok
12:11:46.0236 3548  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
12:11:46.0268 3548  wudfsvc - ok
12:11:46.0314 3548  [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc         C:\windows\System32\wwansvc.dll
12:11:46.0330 3548  WwanSvc - ok
12:11:46.0377 3548  ================ Scan global ===============================
12:11:46.0408 3548  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
12:11:46.0439 3548  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
12:11:46.0455 3548  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
12:11:46.0470 3548  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
12:11:46.0502 3548  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
12:11:46.0502 3548  [Global] - ok
12:11:46.0502 3548  ================ Scan MBR ==================================
12:11:46.0517 3548  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
12:11:47.0032 3548  \Device\Harddisk0\DR0 - ok
12:11:47.0032 3548  ================ Scan VBR ==================================
12:11:47.0063 3548  [ E0C3927DBE6A76BA4E6645E4CA7F22C2 ] \Device\Harddisk0\DR0\Partition1
12:11:47.0079 3548  \Device\Harddisk0\DR0\Partition1 - ok
12:11:47.0079 3548  ============================================================
12:11:47.0079 3548  Scan finished
12:11:47.0079 3548  ============================================================
12:11:47.0079 5156  Detected object count: 0
12:11:47.0079 5156  Actual detected object count: 0

cosinus · 22.01.2013, 12:31

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

partychick · 22.01.2013, 12:51

ComboFix:

Code:

ATTFilter

ComboFix 13-01-21.04 - *** 22.01.2013  12:42:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8152.6303 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Evmya
c:\users\***\AppData\Roaming\Evmya\gouqr.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-22 bis 2013-01-22  ))))))))))))))))))))))))))))))
.
.
2013-01-22 11:44 . 2013-01-22 11:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-22 10:41 . 2013-01-22 10:41	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-22 10:41 . 2013-01-22 10:41	--------	d-----w-	c:\program files (x86)\Java
2013-01-21 20:38 . 2013-01-21 20:47	--------	d-----w-	c:\users\***\AppData\Roaming\Akofi
2013-01-21 20:38 . 2013-01-21 20:38	--------	d-----w-	c:\users\***\AppData\Roaming\Ryunle
2013-01-21 20:37 . 2013-01-21 20:37	--------	d-----w-	c:\users\***\Ugpvwcfyfwy
2013-01-18 16:44 . 2013-01-18 16:53	--------	d-----w-	c:\users\***\AppData\Local\PokerStars.EU
2013-01-18 16:44 . 2013-01-18 16:51	--------	d-----w-	c:\program files (x86)\PokerStars.EU
2013-01-16 10:31 . 2013-01-16 10:31	--------	d-----w-	c:\users\***\AppData\Roaming\TOSHIBA Online Product Information
2013-01-15 20:31 . 2013-01-15 20:31	--------	d-----w-	c:\program files (x86)\Microsoft
2013-01-15 19:17 . 2012-11-29 15:06	37216	----a-w-	c:\windows\system32\uxtuneup.dll
2013-01-15 19:17 . 2012-11-29 15:06	29536	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2013-01-15 19:12 . 2012-11-29 15:06	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2013-01-15 19:12 . 2012-11-29 15:06	25952	----a-w-	c:\windows\system32\authuitu.dll
2013-01-15 19:12 . 2012-11-29 15:06	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2013-01-15 19:11 . 2013-01-15 19:12	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2013
2013-01-15 19:10 . 2013-01-15 19:10	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 19:10 . 2013-01-15 19:10	--------	d--h--w-	c:\programdata\Common Files
2013-01-15 18:50 . 2013-01-15 18:52	--------	d-----w-	c:\program files (x86)\Microsoft Works
2013-01-15 18:47 . 2013-01-15 18:47	--------	d-----w-	c:\program files\Microsoft Office
2013-01-15 18:46 . 2013-01-15 19:16	--------	d-----w-	c:\users\***\AppData\Roaming\TuneUp Software
2013-01-15 18:46 . 2013-01-15 19:11	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2013-01-15 18:46 . 2013-01-15 18:46	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2013-01-15 18:46 . 2013-01-15 18:49	--------	d-----w-	c:\windows\SHELLNEW
2013-01-15 18:46 . 2013-01-15 18:46	--------	d-----w-	c:\users\***\AppData\Local\Microsoft Help
2013-01-15 18:45 . 2013-01-15 20:31	--------	d-----w-	c:\programdata\Microsoft Help
2013-01-15 18:45 . 2013-01-15 19:12	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-15 18:45 . 2013-01-15 18:45	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-01-15 18:45 . 2013-01-15 18:45	--------	d-----r-	C:\MSOCache
2013-01-15 18:39 . 2013-01-15 18:39	--------	d-----w-	c:\program files (x86)\MSECache
2013-01-15 18:25 . 2013-01-15 18:25	--------	d-----w-	c:\users\***\AppData\Local\Apple Computer
2013-01-15 18:25 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-11 22:43 . 2013-01-17 15:19	--------	d-----w-	c:\users\***\AppData\Roaming\Mp3tag
2013-01-11 22:43 . 2013-01-11 22:43	--------	d-----w-	c:\program files (x86)\Mp3tag
2013-01-11 12:41 . 2013-01-21 19:57	--------	d-----w-	c:\program files\CCleaner
2013-01-11 12:19 . 2013-01-11 12:20	--------	d-----w-	c:\program files\WinRAR
2013-01-11 07:11 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-11 07:11 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-11 07:11 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-11 07:11 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-11 07:11 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-11 07:11 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-11 07:11 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-11 07:11 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-11 07:11 . 2012-11-22 05:44	800768	----a-w-	c:\windows\system32\usp10.dll
2013-01-11 07:11 . 2012-11-22 04:45	626688	----a-w-	c:\windows\SysWow64\usp10.dll
2013-01-03 21:37 . 2013-01-11 07:23	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2013-01-03 21:37 . 2010-01-10 17:40	118784	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2013-01-03 21:32 . 2013-01-03 21:32	--------	d-----w-	c:\users\***\AppData\Roaming\WinPatrol
2013-01-03 21:32 . 2013-01-03 21:32	--------	d-----w-	c:\program files (x86)\BillP Studios
2013-01-03 21:32 . 2013-01-11 07:18	--------	d-----w-	c:\programdata\InstallMate
2013-01-03 21:18 . 2013-01-03 21:18	--------	d-----w-	c:\users\***\AppData\Local\Secunia PSI
2013-01-03 21:17 . 2013-01-03 21:17	--------	d-----w-	c:\program files (x86)\Secunia
2013-01-03 21:01 . 2013-01-03 21:01	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-01-03 20:47 . 2013-01-03 20:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-03 20:47 . 2013-01-22 10:41	859552	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-03 17:33 . 2013-01-03 17:33	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-01-03 17:33 . 2013-01-03 17:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-03 17:33 . 2013-01-03 17:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 17:33 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-03 17:31 . 2013-01-03 17:31	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-01-02 18:52 . 2013-01-02 18:52	--------	d-----w-	c:\windows\ERUNT
2012-12-30 21:35 . 2012-12-30 21:35	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-12-30 19:40 . 2012-12-30 19:40	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-30 19:40 . 2012-12-30 19:40	--------	d-----r-	c:\program files (x86)\Skype
2012-12-30 19:17 . 2012-12-30 19:38	--------	d-----w-	c:\program files (x86)\yolobartb
2012-12-30 18:51 . 2012-12-30 18:51	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-12-30 18:51 . 2012-12-30 18:51	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-12-30 18:50 . 2012-12-30 18:50	959976	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-30 18:50 . 2012-12-30 18:50	1081320	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-30 18:05 . 2012-12-30 18:05	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2012-12-30 18:05 . 2013-01-22 11:01	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-12-29 20:52 . 2012-12-29 20:52	--------	d-----w-	c:\windows\de
2012-12-29 20:52 . 2012-12-29 20:52	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-12-29 20:52 . 2012-12-29 20:52	--------	d-----w-	c:\windows\PCHEALTH
2012-12-29 20:51 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-12-29 20:51 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2012-12-29 20:51 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2012-12-29 20:51 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-12-29 20:51 . 2010-05-26 10:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-12-29 20:51 . 2010-05-26 10:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-12-29 20:48 . 2012-12-29 20:48	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ce8ff7961cde60505\DSETUP.dll
2012-12-29 20:48 . 2012-12-29 20:48	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ce8ff7961cde60505\DXSETUP.exe
2012-12-29 20:48 . 2012-12-29 20:48	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ce8ff7961cde60505\dsetup32.dll
2012-12-29 20:48 . 2012-12-29 20:48	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\cc3cdf911cde60504\DSETUP.dll
2012-12-29 20:48 . 2012-12-29 20:48	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\cc3cdf911cde60504\DXSETUP.exe
2012-12-29 20:48 . 2012-12-29 20:48	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\cc3cdf911cde60504\dsetup32.dll
2012-12-29 20:47 . 2012-12-29 20:47	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c6802e881cde60501\DSETUP.dll
2012-12-29 20:47 . 2012-12-29 20:47	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c6802e881cde60501\DXSETUP.exe
2012-12-29 20:47 . 2012-12-29 20:47	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c6802e881cde60501\dsetup32.dll
2012-12-29 20:47 . 2012-12-29 21:09	--------	d-----w-	c:\users\***\AppData\Local\Windows Live
2012-12-29 18:43 . 2012-12-29 18:43	--------	d-----w-	c:\users\***\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 10:41 . 2012-05-10 20:55	780192	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-11 09:01 . 2012-05-10 21:25	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-11 09:01 . 2012-05-10 21:25	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-11 07:15 . 2012-12-21 16:37	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 16:26	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 16:26	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:26	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:26	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-03 14:36 . 2012-12-21 19:39	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-03 14:36 . 2012-12-21 19:39	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-11 07:10	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-19 00:01 . 2012-12-21 15:02	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D38F24AC-1B36-4E86-9E18-1588A7776374}\mpengine.dll
2012-11-16 19:17 . 2012-12-21 19:39	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-14 07:06 . 2012-12-21 16:27	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-21 16:27	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-21 16:27	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-21 16:27	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-21 16:27	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-21 16:27	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-21 16:27	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-21 16:27	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-21 16:27	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-21 16:27	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-21 16:27	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-21 16:27	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-21 16:27	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-21 16:27	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-21 16:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-21 16:27	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-21 16:27	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-21 16:27	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-21 16:27	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-21 16:27	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-21 16:27	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-21 16:27	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-21 15:04	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-21 15:04	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-21 15:03	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-21 15:03	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 404712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80341728
*Deregistered* - 80341728
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:01]
.
2013-01-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-01-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-05-10 150992]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2013-01-04 404712]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-12-30 20:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-30 20:14; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: 2012-12-30 20:21; ich@maltegoetz.de; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\extensions\ich@maltegoetz.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-22  12:45:53
ComboFix-quarantined-files.txt  2013-01-22 11:45
.
Vor Suchlauf: 8 Verzeichnis(se), 927.259.049.984 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 927.203.000.320 Bytes frei
.
- - End Of File - - B19D093E014B64508E7725600DF651D3

cosinus · 22.01.2013, 13:22

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

Folder::
c:\users\***\AppData\Roaming\Akofi
c:\users\***\AppData\Roaming\Ryunle
c:\users\***\Ugpvwcfyfwy

Dirlook::
c:\windows\SHELLNEW

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

partychick · 22.01.2013, 13:44

Erledigt. Wurde allerdings nicht nach einem Neustart gefragt.

Code:

ATTFilter

ComboFix 13-01-21.04 - *** 22.01.2013  13:35:32.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8152.6189 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Akofi
c:\users\***\AppData\Roaming\Akofi\zaok.diy
c:\users\***\AppData\Roaming\Ryunle
c:\users\***\AppData\Roaming\Ryunle\goip.gau
c:\users\***\Ugpvwcfyfwy
c:\users\***\Ugpvwcfyfwy\iilpvmuljnv.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-22 bis 2013-01-22  ))))))))))))))))))))))))))))))
.
.
2013-01-22 12:37 . 2013-01-22 12:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-22 10:41 . 2013-01-22 10:41	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-22 10:41 . 2013-01-22 10:41	--------	d-----w-	c:\program files (x86)\Java
2013-01-18 16:44 . 2013-01-18 16:53	--------	d-----w-	c:\users\***\AppData\Local\PokerStars.EU
2013-01-18 16:44 . 2013-01-18 16:51	--------	d-----w-	c:\program files (x86)\PokerStars.EU
2013-01-16 10:31 . 2013-01-16 10:31	--------	d-----w-	c:\users\***\AppData\Roaming\TOSHIBA Online Product Information
2013-01-15 20:31 . 2013-01-15 20:31	--------	d-----w-	c:\program files (x86)\Microsoft
2013-01-15 19:17 . 2012-11-29 15:06	37216	----a-w-	c:\windows\system32\uxtuneup.dll
2013-01-15 19:17 . 2012-11-29 15:06	29536	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2013-01-15 19:12 . 2012-11-29 15:06	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2013-01-15 19:12 . 2012-11-29 15:06	25952	----a-w-	c:\windows\system32\authuitu.dll
2013-01-15 19:12 . 2012-11-29 15:06	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2013-01-15 19:11 . 2013-01-15 19:12	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2013
2013-01-15 19:10 . 2013-01-15 19:10	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 19:10 . 2013-01-15 19:10	--------	d--h--w-	c:\programdata\Common Files
2013-01-15 18:50 . 2013-01-15 18:52	--------	d-----w-	c:\program files (x86)\Microsoft Works
2013-01-15 18:47 . 2013-01-15 18:47	--------	d-----w-	c:\program files\Microsoft Office
2013-01-15 18:46 . 2013-01-15 19:16	--------	d-----w-	c:\users\***\AppData\Roaming\TuneUp Software
2013-01-15 18:46 . 2013-01-15 19:11	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2013-01-15 18:46 . 2013-01-15 18:46	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2013-01-15 18:46 . 2013-01-15 18:49	--------	d-----w-	c:\windows\SHELLNEW
2013-01-15 18:46 . 2013-01-15 18:46	--------	d-----w-	c:\users\***\AppData\Local\Microsoft Help
2013-01-15 18:45 . 2013-01-15 20:31	--------	d-----w-	c:\programdata\Microsoft Help
2013-01-15 18:45 . 2013-01-15 19:12	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-15 18:45 . 2013-01-15 18:45	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-01-15 18:45 . 2013-01-15 18:45	--------	d-----r-	C:\MSOCache
2013-01-15 18:39 . 2013-01-15 18:39	--------	d-----w-	c:\program files (x86)\MSECache
2013-01-15 18:25 . 2013-01-15 18:25	--------	d-----w-	c:\users\***\AppData\Local\Apple Computer
2013-01-15 18:25 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-11 22:43 . 2013-01-17 15:19	--------	d-----w-	c:\users\***\AppData\Roaming\Mp3tag
2013-01-11 22:43 . 2013-01-11 22:43	--------	d-----w-	c:\program files (x86)\Mp3tag
2013-01-11 12:41 . 2013-01-21 19:57	--------	d-----w-	c:\program files\CCleaner
2013-01-11 12:19 . 2013-01-11 12:20	--------	d-----w-	c:\program files\WinRAR
2013-01-11 07:11 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-11 07:11 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-11 07:11 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-11 07:11 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-11 07:11 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-11 07:11 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-11 07:11 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-11 07:11 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-11 07:11 . 2012-11-22 05:44	800768	----a-w-	c:\windows\system32\usp10.dll
2013-01-11 07:11 . 2012-11-22 04:45	626688	----a-w-	c:\windows\SysWow64\usp10.dll
2013-01-03 21:37 . 2013-01-11 07:23	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2013-01-03 21:37 . 2010-01-10 17:40	118784	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2013-01-03 21:32 . 2013-01-03 21:32	--------	d-----w-	c:\users\***\AppData\Roaming\WinPatrol
2013-01-03 21:32 . 2013-01-03 21:32	--------	d-----w-	c:\program files (x86)\BillP Studios
2013-01-03 21:32 . 2013-01-11 07:18	--------	d-----w-	c:\programdata\InstallMate
2013-01-03 21:18 . 2013-01-03 21:18	--------	d-----w-	c:\users\***\AppData\Local\Secunia PSI
2013-01-03 21:17 . 2013-01-03 21:17	--------	d-----w-	c:\program files (x86)\Secunia
2013-01-03 21:01 . 2013-01-03 21:01	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-01-03 20:47 . 2013-01-03 20:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-03 20:47 . 2013-01-22 10:41	859552	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-03 17:33 . 2013-01-03 17:33	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-01-03 17:33 . 2013-01-03 17:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-03 17:33 . 2013-01-03 17:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 17:33 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-03 17:31 . 2013-01-03 17:31	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-01-02 18:52 . 2013-01-02 18:52	--------	d-----w-	c:\windows\ERUNT
2012-12-30 21:35 . 2012-12-30 21:35	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-12-30 19:40 . 2012-12-30 19:40	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-30 19:40 . 2012-12-30 19:40	--------	d-----r-	c:\program files (x86)\Skype
2012-12-30 19:17 . 2012-12-30 19:38	--------	d-----w-	c:\program files (x86)\yolobartb
2012-12-30 18:51 . 2012-12-30 18:51	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-12-30 18:51 . 2012-12-30 18:51	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-12-30 18:50 . 2012-12-30 18:50	959976	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-30 18:50 . 2012-12-30 18:50	1081320	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-30 18:05 . 2012-12-30 18:05	--------	d-----w-	c:\users\***\AppData\Local\Mozilla
2012-12-30 18:05 . 2013-01-22 11:01	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-12-29 20:52 . 2012-12-29 20:52	--------	d-----w-	c:\windows\de
2012-12-29 20:52 . 2012-12-29 20:52	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-12-29 20:52 . 2012-12-29 20:52	--------	d-----w-	c:\windows\PCHEALTH
2012-12-29 20:51 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-12-29 20:51 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2012-12-29 20:51 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2012-12-29 20:51 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-12-29 20:51 . 2010-05-26 10:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-12-29 20:51 . 2010-05-26 10:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-12-29 20:48 . 2012-12-29 20:48	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ce8ff7961cde60505\DSETUP.dll
2012-12-29 20:48 . 2012-12-29 20:48	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ce8ff7961cde60505\DXSETUP.exe
2012-12-29 20:48 . 2012-12-29 20:48	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ce8ff7961cde60505\dsetup32.dll
2012-12-29 20:48 . 2012-12-29 20:48	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\cc3cdf911cde60504\DSETUP.dll
2012-12-29 20:48 . 2012-12-29 20:48	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\cc3cdf911cde60504\DXSETUP.exe
2012-12-29 20:48 . 2012-12-29 20:48	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\cc3cdf911cde60504\dsetup32.dll
2012-12-29 20:47 . 2012-12-29 20:47	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c6802e881cde60501\DSETUP.dll
2012-12-29 20:47 . 2012-12-29 20:47	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c6802e881cde60501\DXSETUP.exe
2012-12-29 20:47 . 2012-12-29 20:47	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c6802e881cde60501\dsetup32.dll
2012-12-29 20:47 . 2012-12-29 21:09	--------	d-----w-	c:\users\***\AppData\Local\Windows Live
2012-12-29 18:43 . 2012-12-29 18:43	--------	d-----w-	c:\users\***\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 10:41 . 2012-05-10 20:55	780192	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-11 09:01 . 2012-05-10 21:25	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-11 09:01 . 2012-05-10 21:25	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-11 07:15 . 2012-12-21 16:37	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 16:26	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 16:26	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:26	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:26	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-03 14:36 . 2012-12-21 19:39	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-03 14:36 . 2012-12-21 19:39	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-11 07:10	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-19 00:01 . 2012-12-21 15:02	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D38F24AC-1B36-4E86-9E18-1588A7776374}\mpengine.dll
2012-11-16 19:17 . 2012-12-21 19:39	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-14 07:06 . 2012-12-21 16:27	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-21 16:27	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-21 16:27	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-21 16:27	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-21 16:27	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-21 16:27	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-21 16:27	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-21 16:27	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-21 16:27	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-21 16:27	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-21 16:27	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-21 16:27	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-21 16:27	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-21 16:27	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-21 16:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-21 16:27	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-21 16:27	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-21 16:27	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-21 16:27	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-21 16:27	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-21 16:27	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-21 16:27	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-21 15:04	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-21 15:04	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-21 15:03	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-21 15:03	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SHELLNEW ----
.
2006-09-21 00:52 . 2006-09-21 00:52	8079	----a-w-	c:\windows\SHELLNEW\EXCEL12.XLSX
2006-09-16 10:25 . 2006-09-16 10:25	28176	----a-w-	c:\windows\SHELLNEW\PWRPNT12.PPTX
2005-12-13 18:15 . 2005-12-13 18:15	59904	----a-w-	c:\windows\SHELLNEW\MSPUB.PUB
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 404712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80341728
*Deregistered* - 80341728
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:01]
.
2013-01-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-01-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-05-10 150992]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2013-01-04 404712]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-12-30 20:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-30 20:14; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: 2012-12-30 20:21; ich@maltegoetz.de; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\extensions\ich@maltegoetz.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-22  13:38:55
ComboFix-quarantined-files.txt  2013-01-22 12:38
ComboFix2.txt  2013-01-22 11:45
.
Vor Suchlauf: 12 Verzeichnis(se), 928.280.707.072 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 928.217.640.960 Bytes frei
.
- - End Of File - - 42391F290DF724C45C3DCC80E76026AA

cosinus · 22.01.2013, 14:35

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

partychick · 22.01.2013, 18:54

AdwCleaner Log:

Code:

ATTFilter

# AdwCleaner v2.107 - Datei am 22/01/2013 um 18:51:18 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\yolobartb
Ordner Gefunden : C:\Program Files\DomaIQ Uninstaller
Ordner Gefunden : C:\ProgramData\InstallMate

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111981166}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1393 octets] - [22/01/2013 18:51:18]

########## EOF - C:\AdwCleaner[R1].txt - [1453 octets] ##########

cosinus · 23.01.2013, 11:37

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

partychick · 23.01.2013, 20:51

1. adwCleaner:

Code:

ATTFilter

# AdwCleaner v2.107 - Datei am 23/01/2013 um 19:20:09 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\yolobartb
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\ProgramData\InstallMate

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111981166}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\62kt59q4.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1522 octets] - [22/01/2013 18:51:18]
AdwCleaner[S1].txt - [1556 octets] - [23/01/2013 19:20:09]

########## EOF - C:\AdwCleaner[S1].txt - [1616 octets] ##########

2. OTL:

Code:

ATTFilter

OTL logfile created on: 23.01.2013 19:29:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 77,00% Memory free
15,92 Gb Paging File | 13,90 Gb Available in Paging File | 87,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913,93 Gb Total Space | 864,40 Gb Free Space | 94,58% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{8E61A64B-17B3-45E8-AA64-F9A2A272F96C}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{8E61A64B-17B3-45E8-AA64-F9A2A272F96C}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1458013422-641338021-464897306-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:5.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.23 10:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.23 10:08:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.30 19:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.15 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\62kt59q4.default\extensions
[2012.12.30 19:45:38 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\62kt59q4.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.12.30 20:21:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\62kt59q4.default\extensions\ich@maltegoetz.de
[2013.01.05 18:43:23 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\62kt59q4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.12.30 20:09:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\62kt59q4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.23 10:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.23 10:08:44 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 22:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.22 13:37:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1458013422-641338021-464897306-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1458013422-641338021-464897306-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1458013422-641338021-464897306-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1458013422-641338021-464897306-1000\..Trusted Domains: secunia.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{379BDE87-D1BE-4559-84ED-870596FA556A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 10:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.22 18:41:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.22 13:38:57 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.22 12:41:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.01.22 12:41:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.01.22 12:41:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.01.22 12:41:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.22 12:39:07 | 005,025,054 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.22 12:08:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.01.22 11:54:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.22 11:42:00 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.01.22 11:41:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.01.22 11:41:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.01.22 11:41:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.22 11:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.22 11:07:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.01.21 21:56:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.18 17:44:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PokerStars.EU
[2013.01.18 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2013.01.18 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2013.01.16 11:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information
[2013.01.15 21:55:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.01.15 21:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.15 21:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.01.15 20:17:16 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll
[2013.01.15 20:17:16 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\uxtuneup.dll
[2013.01.15 20:12:10 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2013.01.15 20:12:09 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2013.01.15 20:12:09 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2013.01.15 20:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.15 20:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.15 20:10:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.15 20:10:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.15 19:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.15 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013.01.15 19:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.01.15 19:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.15 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.15 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.01.15 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2013.01.15 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.15 19:46:06 | 000,000,000 | ---D | C] -- C:\windows\SHELLNEW
[2013.01.15 19:46:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2013.01.15 19:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.01.15 19:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.15 19:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.15 19:45:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.01.15 19:45:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.15 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013.01.15 19:25:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2013.01.15 19:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.15 19:25:12 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013.01.15 19:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.15 19:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.15 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.15 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.15 19:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.15 19:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.01.15 19:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.01.15 19:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.01.15 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2013.01.15 19:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.15 19:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.15 19:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.15 19:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.15 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.01.11 23:43:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mp3tag
[2013.01.11 23:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013.01.11 23:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.01.11 13:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.11 13:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.11 13:20:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2013.01.11 13:20:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.11 13:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.11 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.11 08:11:17 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.01.11 08:11:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013.01.11 08:11:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013.01.11 08:11:01 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013.01.11 08:10:57 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013.01.11 08:10:57 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013.01.11 08:10:57 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013.01.11 08:10:57 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013.01.11 08:10:57 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013.01.11 08:10:57 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013.01.11 08:10:57 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013.01.11 08:10:57 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013.01.11 08:10:57 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013.01.11 08:10:57 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013.01.11 08:10:57 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013.01.11 08:10:57 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013.01.11 08:10:57 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013.01.11 08:10:57 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013.01.11 08:10:57 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013.01.11 08:10:57 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013.01.11 08:10:57 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013.01.11 08:10:57 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013.01.11 08:10:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013.01.11 08:10:57 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013.01.11 08:10:57 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013.01.11 08:10:56 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013.01.11 08:10:56 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013.01.11 08:10:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013.01.11 08:10:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013.01.11 08:10:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013.01.11 08:10:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013.01.11 08:10:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013.01.11 08:10:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013.01.11 08:10:36 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.01.11 08:10:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.01.11 08:10:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.01.11 08:10:36 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.01.11 08:10:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.01.11 08:10:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.01.11 08:10:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.01.11 08:10:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.01.11 08:10:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.01.11 08:10:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.01.11 08:10:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.01.11 08:10:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.11 08:10:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.11 08:10:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.11 08:10:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.11 08:10:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.11 08:10:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.11 08:10:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.11 08:10:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.01.11 08:10:22 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013.01.03 22:53:53 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.01.03 22:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.03 22:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013.01.03 22:37:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2013.01.03 22:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013.01.03 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinPatrol
[2013.01.03 22:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013.01.03 22:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013.01.03 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2013.01.03 22:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.01.03 22:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.03 22:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.03 21:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.03 21:47:42 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.01.03 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.03 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.03 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.03 18:33:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.01.03 18:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.03 18:31:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.02 20:01:23 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.01.02 19:52:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012.12.30 22:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.12.30 20:40:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.30 20:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.30 20:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.30 19:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.12.30 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.12.30 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.12.30 19:50:37 | 000,959,976 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.30 19:50:35 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.30 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.12.30 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.12.30 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.30 19:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.29 21:52:43 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.12.29 21:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.12.29 21:52:10 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012.12.29 21:51:26 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2012.12.29 21:51:26 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2012.12.29 21:51:26 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2012.12.29 21:51:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2012.12.29 21:51:24 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2012.12.29 21:51:24 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2012.12.29 21:47:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2012.12.29 19:43:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.23 19:28:57 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 19:28:57 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 19:25:27 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.23 19:25:27 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.23 19:25:27 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.23 19:25:27 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.23 19:25:27 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.23 19:23:08 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.01.23 19:21:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.23 19:20:57 | 2115,870,719 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 19:01:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 18:50:27 | 000,574,315 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.22 13:37:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.01.22 12:39:19 | 005,025,054 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.22 12:08:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.01.22 12:01:54 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.22 11:57:49 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.01.22 11:55:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.22 11:41:53 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.01.22 11:41:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.01.22 11:41:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.01.22 11:41:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.22 11:41:52 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.01.22 11:41:52 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013.01.22 11:07:16 | 013,462,931 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1016.zip
[2013.01.21 21:56:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.21 21:56:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.21 21:55:38 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 20:57:30 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.18 17:44:39 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2013.01.18 15:45:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.16 10:30:33 | 000,411,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.15 20:03:59 | 000,002,697 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.01.15 20:03:54 | 000,002,795 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk
[2013.01.15 20:03:45 | 000,002,703 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2013.01.15 19:25:40 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.11 23:43:02 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.01.11 10:31:56 | 000,001,077 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.11 10:01:23 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.11 10:01:23 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.03 22:53:53 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.01.03 22:37:25 | 000,001,050 | ---- | M] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2013.01.03 18:33:04 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 20:47:31 | 000,002,535 | ---- | M] () -- C:\Users\***\Desktop\Skype.lnk
[2012.12.30 19:50:19 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.30 19:50:19 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.29 20:50:15 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.01.22 18:50:27 | 000,574,315 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.22 12:41:12 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.01.22 12:41:12 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.01.22 12:41:12 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.01.22 12:41:12 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.01.22 12:41:12 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.01.22 11:57:49 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.01.22 11:07:04 | 013,462,931 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1016.zip
[2013.01.21 21:56:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.21 21:55:38 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.18 17:44:39 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2013.01.18 16:56:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.15 20:12:09 | 000,002,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.15 20:03:59 | 000,002,697 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.01.15 20:03:54 | 000,002,795 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Outlook 2007.lnk
[2013.01.15 20:03:45 | 000,002,703 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2013.01.15 19:25:40 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:22:53 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.01.11 23:43:02 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.01.11 13:41:31 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.11 10:31:56 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.11 10:31:56 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.03 22:37:25 | 000,001,050 | ---- | C] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2013.01.03 18:33:04 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 20:47:31 | 000,002,535 | ---- | C] () -- C:\Users\***\Desktop\Skype.lnk
[2012.12.30 19:05:34 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.30 19:05:34 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.29 21:52:39 | 000,001,276 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.29 21:52:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.12.29 20:50:15 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.21 20:33:58 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.06.07 02:13:04 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012.06.07 01:58:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.06.07 01:56:23 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.06.07 01:56:23 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.06.07 01:56:23 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012.01.20 12:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012.01.20 12:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

3. Extras:

Code:

ATTFilter

OTL Extras logfile created on: 23.01.2013 19:29:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 77,00% Memory free
15,92 Gb Paging File | 13,90 Gb Available in Paging File | 87,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913,93 Gb Total Space | 864,40 Gb Free Space | 94,58% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
 
[HKEY_USERS\S-1-5-21-1458013422-641338021-464897306-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086728F5-ADD9-4BCD-AD10-42C5EC030461}" = lport=445 | protocol=6 | dir=in | app=system | 
"{185A9376-3701-41A0-8ACE-8683AFA315AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35C4F671-491A-4B60-B61E-03630118BE4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CA19686-130B-4B14-8CCC-B1D1475306AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5616EE1D-1BF1-4C9C-B5AD-1CC4A36ECBC8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5672D0CC-A89A-40B5-B35F-98238E3E9BF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{82F4537B-F4C3-4201-86A0-973D12EC6713}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{89C062F2-F386-4E38-92C5-926859ABDF8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{982D84CC-C5F3-490E-AFB5-E9B6DBA7B4B0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9BC8959E-271E-41D7-9D61-9AA65FB8B29E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9BE54A73-C520-4619-B70E-3A7B3738E750}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A0CF979A-1937-4231-81CF-41A4D19D647D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CD82CFD6-ED62-4D1B-9042-F80E0FBC0EF0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2719E6B-A688-4FC3-9756-84959FBEAE1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FD96F7AD-0E41-47F5-913B-9B827951861A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F1BC3F-A03E-4842-BD98-1D5218F0EF20}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{083C5813-5E83-4014-ACBD-1ABEFCE92A10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{09027CD5-1026-4C46-B668-6E60552B2307}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2796D9AC-2F13-4C04-AC7C-C69343D517F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4E5A398B-3D01-47EC-B580-6CBB2E3C3E0F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F783AFE-BAAD-41BE-A563-1E260EA7F753}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6F93BFDB-30B9-4367-BD78-275B78BD8890}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{79FBC2F9-9BF0-4BFD-A356-057313988AE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7FFBDC1B-254D-4C16-8E41-D6C28B3A0E59}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{889948F5-FF5E-4C6D-B1BF-927BDCB41DA0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9AF02E70-3E26-432A-9815-FEE87AAD95DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A02E32D8-05A9-423D-90DB-2082DB52011C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B33307FD-FD1A-4593-85DF-250AE9D6D5AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9E1393B-FD66-410F-AB5E-900EAE440AB0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BD4A7058-B20C-4524-B1B0-8A9D90D200FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C013A3B0-ABC0-440C-958D-D8303624127C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C80D09EB-8D27-44E6-AE89-C28BC9E80C18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C981C7A2-96FC-4B90-B53C-97FD05F31313}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CBB9300C-B218-4072-9464-F3249A9D8792}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{DCD32CCC-AE79-43B8-8AF4-8FE38077BE87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF2CC932-F1EC-4A65-A647-34D012BA0698}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0BBBA62-07EE-47AF-BC33-44E429FC73D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F1766A19-209D-406E-BA1D-1EC2A7991B02}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FDBF15F9-844E-40B6-A665-4F61EA40FCCA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{26DD2C82-C8DE-4F48-8B6C-17D9268FFC77}C:\users\***\appdata\roaming\evmya\gouqr.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\evmya\gouqr.exe | 
"UDP Query User{3E0439F9-E4B9-4A19-ACF3-B4288EAAE1A0}C:\users\***\appdata\roaming\evmya\gouqr.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\evmya\gouqr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = Premium Sound HD
"{4BC12C41-9B5B-AEF9-0A63-EE2AA19FBFB8}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F856881A-D370-B1A7-2AFF-128F4AA93558}" = AMD Catalyst Install Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AB6726B-2C04-75E6-D30A-AA8C0E26E46A}" = CCC Help Japanese
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1B341C66-33EB-BAF0-6138-38AD1A502527}" = Catalyst Control Center
"{1D74451F-B220-E2E4-7FCD-520AA66F1A85}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FAB6902-546D-9060-D0C8-4B502160AA06}" = CCC Help English
"{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2C14B193-A623-7DAA-9660-BB1EBF870D6B}" = Catalyst Control Center InstallProxy
"{2CC1453B-3385-F6FF-735F-F3BA36758715}" = CCC Help Swedish
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3253D3E5-C08E-E22B-BA99-DE88F520CBB3}" = CCC Help Korean
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D516940-6675-41C1-E3DA-E3D358A7C207}" = CCC Help Italian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM)
"{52B05867-9440-98ED-617B-6C05ACD1E457}" = Catalyst Control Center Graphics Previews Common
"{571F7B9B-96B8-E1B8-E198-0458BF5F80C4}" = CCC Help Hungarian
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7540EB6A-FE9B-4EE2-37D9-A88DC87AA9E6}" = CCC Help Turkish
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{7D263751-40FB-D719-9F42-B62B67553D6F}" = CCC Help Chinese Traditional
"{82EE309C-B63C-1AAA-79AB-8A5E5986B687}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{931991F4-99D4-95A6-1235-EAA599884AC6}" = CCC Help Danish
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{990B884F-569C-5078-DD76-8BE91A569291}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E77F8EF-588E-D11B-697F-5514B97779DF}" = CCC Help Greek
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB34574F-AC24-AAB7-066E-680256DD91E9}" = Catalyst Control Center Localization All
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B740C369-EA8D-2FDB-4265-CB70DD08095D}" = CCC Help Spanish
"{B9818C90-560C-8DC7-E254-38323B9A41EA}" = CCC Help Polish
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD37CF23-3458-BFD1-7583-F8FFC37561F2}" = CCC Help Czech
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF34B28A-4D50-439A-6B6B-13EA41235E43}" = CCC Help German
"{C2471823-76DB-B529-F037-8D02CAC5DE5E}" = CCC Help Dutch
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DAE76FE1-BD65-3251-1B6F-6B519A661A1F}" = CCC Help Finnish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E7809829-3AC8-FBFA-2001-0D9BEBE51386}" = CCC Help Portuguese
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F79997CC-F030-93C6-7882-92DC241D7C07}" = CCC Help Thai
"{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}" = Nero 11 Essentials
"{FE3E16F2-D838-7B5F-A31E-2D55757D18E7}" = CCC Help French
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"PokerStars.eu" = PokerStars.eu
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 21.01.2013 16:01:00 | Computer Name = *** | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 21.01.2013 16:01:41 | Computer Name = *** | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 21.01.2013 16:43:45 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 04:03:09 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 06:59:23 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 13:41:38 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 04:53:00 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 13:55:21 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 14:21:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.01.2013 07:44:19 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.01.2013 07:44:36 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 22.01.2013 08:36:38 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 22.01.2013 08:37:36 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.01.2013 08:37:36 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.01.2013 08:37:49 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 22.01.2013 13:41:27 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 23.01.2013 04:52:38 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 23.01.2013 13:55:13 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 23.01.2013 14:21:11 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
 
< End of report >

cosinus · 23.01.2013, 21:04

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

partychick · 23.01.2013, 23:32

1. Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.23.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

23.01.2013 22:17:22
mbam-log-2013-01-23 (22-17-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215032
Laufzeit: 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2. ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=2f7a3ff11ea83d44b81ee3f9d33ca44e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-23 10:09:18
# local_time=2013-01-23 11:09:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 15257 224402248 43845 0
# compatibility_mode=5893 16776574 100 94 2423172 110608808 0 0
# scanned=109857
# found=1
# cleaned=0
# scan_time=2714
C:\Qoobox\Quarantine\C\Users\***\AppData\Roaming\Evmya\gouqr.exe.vir	Win32/Spy.Zbot.AAO trojan	54BDDED1B759CAF614349EE9DFFF3B6C4E543882	I