|
Log-Analyse und Auswertung: Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.06.2013, 14:54 | #46 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Ne, da sind sie nicht. |
04.06.2013, 17:05 | #47 |
/// the machine /// TB-Ausbilder | Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Dann bitte ebenfalls bei den Einstellungen den Haken raus machen bei geschützte Systemdateien ausblenden.
__________________
__________________ |
04.06.2013, 21:03 | #48 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Ok, habe ich gemacht.
__________________ |
05.06.2013, 08:06 | #49 |
/// the machine /// TB-Ausbilder | Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Siehst den Ordner immer noch nicht? Poste mal bitte ein frisches OTL log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
05.06.2013, 11:26 | #50 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.06.2013 11:34:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrea\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 35,31% Memory free 4,23 Gb Paging File | 2,42 Gb Available in Paging File | 57,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 20,95 Gb Free Space | 22,49% Space Free | Partition Type: NTFS Drive E: | 91,69 Gb Total Space | 71,56 Gb Free Space | 78,04% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01717484-0127-4F96-8AD1-638D6613C11A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{337C9546-73C1-4BD7-99A3-23FF82744528}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4916DF3F-7178-4498-B28A-568306926FEE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5BD7BFC6-9898-4B10-BB62-DB0DF126CF9E}" = rport=2869 | protocol=6 | dir=out | app=system | "{724F783C-DEC9-4CBA-9314-C4670EF09DC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{83C986F2-A746-4E51-A872-BDD79C54FDCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA55E537-E2A8-4A83-975F-713AFBFCC8AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{D0AD5344-87B6-402B-BC0F-147F9F31993D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05884BDD-2B61-4090-AAA5-7D8E2653AC45}" = protocol=17 | dir=in | app=c:\users\andrea\appdata\roaming\dropbox\bin\dropbox.exe | "{0A49CCCD-73B6-4A46-B0F2-9F9F04C47E67}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{13D5DE26-59D7-4C5B-B442-B76B58E96FDE}" = protocol=6 | dir=in | app=c:\users\andrea\appdata\roaming\dropbox\bin\dropbox.exe | "{1BCCDF91-72F0-4323-9FA2-A03720357883}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{281C9233-AF89-4EE6-BBEA-FF700E3C1463}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{61F69608-2326-411F-8C2E-FA6F3C0CABD2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{62741E99-8BD6-404E-98E3-0FAD4B34F90E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{628C26BA-5D2C-42FB-B16F-A2E1E9CE5FC4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{62D52B6B-3F27-4BB5-9A09-C467EEBADD81}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6FDEE10A-82D0-499B-BC97-3AA742C6C779}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{749684EC-E8BF-4C16-856E-6A0BB8BCEA65}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B44407BA-520B-4FB7-A4F1-BD6327CD09CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CB9CA6EB-327E-4CA0-B5C3-E075630219FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DAD1035B-CF68-4914-AC2A-64FD284C4F9E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{EB596009-015D-45CC-9483-00360A60D788}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{EBDC2DC8-C21A-4E96-9A3E-F7BC4A3A0A04}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{EFFC068A-1592-4D74-9F19-07F3C4A4CF84}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{4AE9870C-B87D-4918-ACEB-020710339EE7}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{6DCD2F6D-CDF4-4A7C-B0F0-BB06667C1DE3}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{E15BB963-4F38-45C6-A7D9-A0136C455849}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{050D9B10-30D0-4905-ABCB-5069B985B8D5}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{615AA72A-7E5B-4CD5-95D4-33A69DF80077}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{B8E90FD3-4EA4-4462-B399-C46463F661AB}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean "{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista "{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech "{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard "{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English "{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish "{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French "{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45 "{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish "{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing "{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian "{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian "{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek "{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish "{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common "{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2 "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version] "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai "{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish "{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German "{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch "{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins "{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian "{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German "{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish "{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian "{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian "{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility "{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech "{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium "{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese "{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French "{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian "{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese "{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AntiVir PersonalEdition Premium" = Avira AntiVir PersonalEdition Premium "AVI Media Player_is1" = AVI Media Player 1.0.1 "bi_uninstaller" = Bundled software uninstaller "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FilesFrog Update Checker" = FilesFrog Update Checker "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PDF-XChange 3_is1" = PDF-XChange 3 "Secunia PSI" = Secunia PSI (3.0.0.7009) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 2.0.6 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.06.2013 04:02:46 | Computer Name = andrea-PC | Source = Windows Search Service | ID = 3006 Description = Error - 01.06.2013 04:02:47 | Computer Name = andrea-PC | Source = Windows Search Service | ID = 3007 Description = Error - 03.06.2013 10:59:15 | Computer Name = andrea-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.06.2013 10:59:16 | Computer Name = andrea-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1920091 Error - 03.06.2013 10:59:16 | Computer Name = andrea-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1920091 Error - 03.06.2013 14:53:47 | Computer Name = andrea-PC | Source = EventSystem | ID = 4621 Description = Error - 04.06.2013 03:59:26 | Computer Name = andrea-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.06.2013 03:59:26 | Computer Name = andrea-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6239369 Error - 04.06.2013 03:59:26 | Computer Name = andrea-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6239369 Error - 04.06.2013 16:22:49 | Computer Name = andrea-PC | Source = EventSystem | ID = 4621 Description = [ OSession Events ] Error - 02.06.2009 11:28:03 | Computer Name = andrea-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 396 seconds with 360 seconds of active time. This session ended with a crash. Error - 05.07.2010 15:08:42 | Computer Name = andrea-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash. Error - 07.09.2011 06:27:25 | Computer Name = andrea-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1741 seconds with 1260 seconds of active time. This session ended with a crash. [ System Events ] Error - 05.06.2013 05:23:30 | Computer Name = andrea-PC | Source = atikmdag | ID = 43034 Description = Unknown EDID version Error - 05.06.2013 05:23:30 | Computer Name = andrea-PC | Source = atikmdag | ID = 43034 Description = Unknown EDID version Error - 05.06.2013 05:23:42 | Computer Name = andrea-PC | Source = HTTP | ID = 15016 Description = Error - 05.06.2013 05:24:10 | Computer Name = andrea-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 05.06.2013 05:24:10 | Computer Name = andrea-PC | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.114 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 05.06.2013 05:25:09 | Computer Name = andrea-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2013 05:25:09 | Computer Name = andrea-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2013 05:25:09 | Computer Name = andrea-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2013 05:25:09 | Computer Name = andrea-PC | Source = Service Control Manager | ID = 7001 Description = Error - 05.06.2013 05:25:09 | Computer Name = andrea-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.06.2013 11:34:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrea\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 35,31% Memory free 4,23 Gb Paging File | 2,42 Gb Available in Paging File | 57,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 20,95 Gb Free Space | 22,49% Space Free | Partition Type: NTFS Drive E: | 91,69 Gb Total Space | 71,56 Gb Free Space | 78,04% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.07 01:08:11 | 006,579,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V4.20-delta.exe PRC - [2013.05.03 15:57:16 | 000,093,832 | ---- | M] (Microsoft Corporation) -- e:\8f90c75808879df0eec43b1c8cac528a\mrtstub.exe PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Programme\FilesFrog Update Checker\update_checker.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.05.15 21:24:20 | 000,929,792 | ---- | M] (Silicon Motion) -- C:\Programme\Silicon Motion\USB2.0 UVC WebCam\STIMON.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.06.13 07:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.07 13:30:40 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2007.05.23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007.05.22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007.04.16 07:04:49 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0\bin\jusched.exe PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006.11.14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.09.07 13:05:03 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.09.07 13:04:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.09.07 13:04:37 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d0df9e2668ffa3fbd9b3298e4bf9d690\TCrdMain.ni.exe MOD - [2011.09.07 12:36:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.09.07 12:36:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.09.07 12:36:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.09.07 12:35:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll MOD - [2011.09.07 12:35:44 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll MOD - [2011.09.07 12:35:09 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll MOD - [2011.09.07 12:34:50 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll MOD - [2011.09.07 12:34:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.09.07 12:34:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.11.25 01:34:49 | 001,736,528 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll MOD - [2008.07.27 20:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.01.04 11:12:10 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2728.28937__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2728.29164__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2728.28895__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2728.28951__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2728.29157__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2728.28930__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2728.28950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2728.28915__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.01.04 11:12:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2728.29192__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.01.04 11:12:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2728.29115__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2728.29124__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2728.29185__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2728.29198__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2728.29131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.01.04 11:11:44 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2728.28909__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2728.29123__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2728.29184__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,917,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2728.29159__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2728.29061__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2728.28964__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2728.29052__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2728.28916__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2728.29145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2728.29044__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2728.28971__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2728.28957__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2728.29082__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2728.28970__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2728.29081__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.01.04 11:11:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.01.04 11:11:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.01.04 11:11:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.01.04 11:11:42 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.01.04 11:11:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.01.04 11:11:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.01.04 11:11:36 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2728.29169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.01.04 11:11:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2728.29220__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.01.04 11:11:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2728.28892__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.01.04 11:11:34 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2728.28903__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.01.04 11:11:34 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2728.28924__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.01.04 11:11:34 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2728.29169__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.01.04 11:11:34 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2728.29178__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2728.28894__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2728.29176__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2728.28894__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.01.04 11:11:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2728.28893__90ba9c70f846762e\AEM.Server.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2728.29177__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.01.04 11:11:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.06.21 11:27:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.05.31 16:38:22 | 000,958,464 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll MOD - [2007.05.31 11:12:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.04.23 10:38:08 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.11.09 18:27:06 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.05.27 11:48:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.17 13:42:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.15 13:33:07 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.09.04 12:59:02 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\andrea\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [File_System | Boot | Stopped] -- SYSTEM32\drivers\avgntmgr.sys -- (avgntmgr) DRV - File not found [File_System | System | Stopped] -- SYSTEM32\DRIVERS\avgntdd.sys -- (avgntdd) DRV - [2013.04.18 15:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2009.05.27 16:28:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 16:28:16 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 16:28:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.04.17 10:20:34 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.15 14:00:27 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtscsi.sys -- (dtscsi) DRV - [2008.01.15 12:55:40 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.06.21 11:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.27 21:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007.04.26 22:09:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR) DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=119556&tt=300513_ctrl&babsrc=SP_ss_din2g&mntrId=9EA20013E8CB3E29 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BLPV5&o=13153&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^S2&apn_dtid=^smt001^YY^DE&apn_uid=d1e5afc4-6f38-46d7-acac-8bfc13328ebe&apn_sauid=F908CFFD-9DF9-45E3-9823-CF14F7706054 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 18:40:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 08:36:09 | 000,000,000 | ---D | M] [2008.08.28 11:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Extensions [2013.05.31 12:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Firefox\Profiles\4jlhvzgi.default\extensions [2013.05.27 23:37:21 | 000,001,050 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\11-suche.xml [2013.05.30 14:26:06 | 000,002,337 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\askcom.xml [2013.05.31 09:37:31 | 000,006,511 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\babylon.xml [2013.05.31 09:37:55 | 000,001,294 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\delta.xml [2013.05.27 10:53:09 | 000,002,418 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\englische-ergebnisse.xml [2013.05.27 10:53:09 | 000,010,701 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\gmx-suche.xml [2013.05.27 10:53:09 | 000,002,432 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\lastminute.xml [2013.05.27 10:53:09 | 000,005,682 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\webde-suche.xml [2013.05.31 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.29 18:30:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1\ O1 HOSTS File: ([2013.05.27 17:00:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Users\andrea\Desktop\Unlocker\UnlockerAssistant.exe" File not found O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - Startup: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - Preispiraten.de - Preisvergleich File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00CCAFB6-0F5C-4CEF-8F4E-1470B893D116}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 11:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.03 17:01:10 | 003,715,248 | ---- | C] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.03 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.31 13:11:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Bafög Uni Osnabrück [2013.05.31 13:08:55 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Band [2013.05.31 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.31 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.05.31 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Delta [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Babylon [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.30 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\APN [2013.05.30 14:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.05.30 14:19:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\WinPatrol [2013.05.30 14:12:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\Desktop\PC Schutz [2013.05.30 14:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 14:09:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 14:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.05.30 08:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.05.29 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 18:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.05.29 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.05.29 18:09:29 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\WindowsUpdate [2013.05.29 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\Secunia PSI [2013.05.29 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013.05.29 16:56:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker [2013.05.27 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.27 16:45:03 | 000,000,000 | R--D | C] -- C:\Users\andrea\Desktop\Pictures [2013.05.27 16:44:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.27 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.27 10:53:05 | 000,000,000 | ---D | C] -- C:\Users\andrea\Local Settings [2013.05.27 10:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.27 10:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013.05.18 10:40:14 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Malwarebytes [2013.05.18 10:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2013.06.05 11:40:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.05 11:24:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.05 11:24:10 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.06.05 11:23:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 11:23:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 11:23:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.05 11:23:30 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 22:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 13:53:16 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{929C5347-AE8B-4470-A617-D957BEE3A63C}.job [2013.06.04 13:32:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.06.04 11:55:52 | 000,111,857 | ---- | M] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 17:01:10 | 003,715,248 | ---- | M] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:53 | 000,055,088 | ---- | M] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | M] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.06.01 15:00:20 | 000,000,957 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.31 10:36:05 | 000,008,831 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2013.05.31 10:30:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:16:40 | 000,340,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.27 18:22:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.27 18:22:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.27 18:22:38 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.27 18:22:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.27 17:39:53 | 000,000,130 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 17:00:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.27 14:49:58 | 268,499,548 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.17 19:18:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.05.16 14:30:02 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.05.13 17:43:14 | 000,002,637 | ---- | M] () -- C:\Users\andrea\Desktop\Microsoft Office Word 2007.lnk ========== Files Created - No Company Name ========== [2013.06.04 11:55:52 | 000,111,857 | ---- | C] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 14:07:53 | 000,055,088 | ---- | C] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | C] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.05.31 09:39:39 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:37:41 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.05.30 08:36:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2013.05.27 17:39:41 | 000,000,130 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 10:51:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2011.09.21 17:10:43 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.12.19 14:27:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.04 15:06:04 | 000,008,831 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009.01.17 15:57:07 | 000,007,268 | ---- | C] () -- C:\Users\andrea\AppData\Local\d3d9caps.dat [2008.03.21 19:10:47 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.03.13 13:11:06 | 000,000,258 | ---- | C] () -- C:\Users\andrea\AppData\Roaming\iPod Access v4 Prefs [2008.03.13 13:03:56 | 000,000,010 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\iPodAccess_Time [2008.03.02 17:35:54 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Local\mxfilerelatedcache.mxc2 [2008.03.02 17:35:34 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\mxfilerelatedcache.mxc2 [2008.02.13 17:23:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.13 21:28:56 | 000,111,258 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat [2008.01.09 13:20:05 | 000,011,264 | ---- | C] () -- C:\Users\andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.31 09:37:50 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Babylon [2008.01.15 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DAEMON Tools Pro [2013.05.31 09:37:37 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Delta [2008.03.16 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DesktopSMS [2013.06.05 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Dropbox [2011.09.16 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DVDVideoSoft [2009.11.18 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\EPSON [2010.05.28 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\FocusDVD [2008.03.21 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\MAGIX [2008.02.14 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Radmin [2008.03.16 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Toshiba [2008.06.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TrueCrypt [2008.01.15 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TuneUp Software [2008.11.23 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WEB.DE [2013.05.30 14:19:52 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WinPatrol ========== Purity Check ========== < End of report > |
05.06.2013, 11:29 | #51 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.06.2013 11:34:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrea\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 35,31% Memory free 4,23 Gb Paging File | 2,42 Gb Available in Paging File | 57,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 20,95 Gb Free Space | 22,49% Space Free | Partition Type: NTFS Drive E: | 91,69 Gb Total Space | 71,56 Gb Free Space | 78,04% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.07 01:08:11 | 006,579,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V4.20-delta.exe PRC - [2013.05.03 15:57:16 | 000,093,832 | ---- | M] (Microsoft Corporation) -- e:\8f90c75808879df0eec43b1c8cac528a\mrtstub.exe PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Programme\FilesFrog Update Checker\update_checker.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.05.15 21:24:20 | 000,929,792 | ---- | M] (Silicon Motion) -- C:\Programme\Silicon Motion\USB2.0 UVC WebCam\STIMON.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.06.13 07:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.07 13:30:40 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2007.05.23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007.05.22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007.04.16 07:04:49 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0\bin\jusched.exe PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006.11.14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.09.07 13:05:03 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.09.07 13:04:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.09.07 13:04:37 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d0df9e2668ffa3fbd9b3298e4bf9d690\TCrdMain.ni.exe MOD - [2011.09.07 12:36:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.09.07 12:36:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.09.07 12:36:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.09.07 12:35:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll MOD - [2011.09.07 12:35:44 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll MOD - [2011.09.07 12:35:09 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll MOD - [2011.09.07 12:34:50 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll MOD - [2011.09.07 12:34:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.09.07 12:34:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.11.25 01:34:49 | 001,736,528 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll MOD - [2008.07.27 20:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.01.04 11:12:10 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2728.28937__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2728.29164__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2728.28895__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2728.28951__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2728.29157__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2728.28930__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2728.28950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2728.28915__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.01.04 11:12:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2728.29192__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.01.04 11:12:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2728.29115__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2728.29124__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2728.29185__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2728.29198__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2728.29131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.01.04 11:11:44 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2728.28909__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2728.29123__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2728.29184__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,917,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2728.29159__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2728.29061__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2728.28964__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2728.29052__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2728.28916__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2728.29145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2728.29044__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2728.28971__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2728.28957__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2728.29082__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2728.28970__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2728.29081__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.01.04 11:11:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.01.04 11:11:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.01.04 11:11:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.01.04 11:11:42 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.01.04 11:11:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.01.04 11:11:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.01.04 11:11:36 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2728.29169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.01.04 11:11:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2728.29220__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.01.04 11:11:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2728.28892__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.01.04 11:11:34 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2728.28903__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.01.04 11:11:34 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2728.28924__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.01.04 11:11:34 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2728.29169__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.01.04 11:11:34 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2728.29178__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2728.28894__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2728.29176__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2728.28894__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.01.04 11:11:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2728.28893__90ba9c70f846762e\AEM.Server.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2728.29177__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.01.04 11:11:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.06.21 11:27:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.05.31 16:38:22 | 000,958,464 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll MOD - [2007.05.31 11:12:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.04.23 10:38:08 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.11.09 18:27:06 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.05.27 11:48:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.17 13:42:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.15 13:33:07 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.09.04 12:59:02 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\andrea\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [File_System | Boot | Stopped] -- SYSTEM32\drivers\avgntmgr.sys -- (avgntmgr) DRV - File not found [File_System | System | Stopped] -- SYSTEM32\DRIVERS\avgntdd.sys -- (avgntdd) DRV - [2013.04.18 15:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2009.05.27 16:28:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 16:28:16 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 16:28:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.04.17 10:20:34 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.15 14:00:27 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtscsi.sys -- (dtscsi) DRV - [2008.01.15 12:55:40 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.06.21 11:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.27 21:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007.04.26 22:09:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR) DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=119556&tt=300513_ctrl&babsrc=SP_ss_din2g&mntrId=9EA20013E8CB3E29 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BLPV5&o=13153&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^S2&apn_dtid=^smt001^YY^DE&apn_uid=d1e5afc4-6f38-46d7-acac-8bfc13328ebe&apn_sauid=F908CFFD-9DF9-45E3-9823-CF14F7706054 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 18:40:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 08:36:09 | 000,000,000 | ---D | M] [2008.08.28 11:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Extensions [2013.05.31 12:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Firefox\Profiles\4jlhvzgi.default\extensions [2013.05.27 23:37:21 | 000,001,050 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\11-suche.xml [2013.05.30 14:26:06 | 000,002,337 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\askcom.xml [2013.05.31 09:37:31 | 000,006,511 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\babylon.xml [2013.05.31 09:37:55 | 000,001,294 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\delta.xml [2013.05.27 10:53:09 | 000,002,418 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\englische-ergebnisse.xml [2013.05.27 10:53:09 | 000,010,701 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\gmx-suche.xml [2013.05.27 10:53:09 | 000,002,432 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\lastminute.xml [2013.05.27 10:53:09 | 000,005,682 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\webde-suche.xml [2013.05.31 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.29 18:30:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1\ O1 HOSTS File: ([2013.05.27 17:00:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Users\andrea\Desktop\Unlocker\UnlockerAssistant.exe" File not found O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - Startup: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - Preispiraten.de - Preisvergleich File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00CCAFB6-0F5C-4CEF-8F4E-1470B893D116}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 11:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.03 17:01:10 | 003,715,248 | ---- | C] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.03 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.31 13:11:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Bafög Uni Osnabrück [2013.05.31 13:08:55 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Band [2013.05.31 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.31 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.05.31 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Delta [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Babylon [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.30 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\APN [2013.05.30 14:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.05.30 14:19:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\WinPatrol [2013.05.30 14:12:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\Desktop\PC Schutz [2013.05.30 14:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 14:09:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 14:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.05.30 08:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.05.29 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 18:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.05.29 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.05.29 18:09:29 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\WindowsUpdate [2013.05.29 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\Secunia PSI [2013.05.29 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013.05.29 16:56:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker [2013.05.27 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.27 16:45:03 | 000,000,000 | R--D | C] -- C:\Users\andrea\Desktop\Pictures [2013.05.27 16:44:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.27 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.27 10:53:05 | 000,000,000 | ---D | C] -- C:\Users\andrea\Local Settings [2013.05.27 10:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.27 10:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013.05.18 10:40:14 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Malwarebytes [2013.05.18 10:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2013.06.05 11:40:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.05 11:24:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.05 11:24:10 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.06.05 11:23:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 11:23:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 11:23:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.05 11:23:30 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 22:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 13:53:16 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{929C5347-AE8B-4470-A617-D957BEE3A63C}.job [2013.06.04 13:32:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.06.04 11:55:52 | 000,111,857 | ---- | M] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 17:01:10 | 003,715,248 | ---- | M] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:53 | 000,055,088 | ---- | M] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | M] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.06.01 15:00:20 | 000,000,957 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.31 10:36:05 | 000,008,831 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2013.05.31 10:30:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:16:40 | 000,340,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.27 18:22:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.27 18:22:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.27 18:22:38 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.27 18:22:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.27 17:39:53 | 000,000,130 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 17:00:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.27 14:49:58 | 268,499,548 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.17 19:18:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.05.16 14:30:02 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.05.13 17:43:14 | 000,002,637 | ---- | M] () -- C:\Users\andrea\Desktop\Microsoft Office Word 2007.lnk ========== Files Created - No Company Name ========== [2013.06.04 11:55:52 | 000,111,857 | ---- | C] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 14:07:53 | 000,055,088 | ---- | C] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | C] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.05.31 09:39:39 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:37:41 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.05.30 08:36:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2013.05.27 17:39:41 | 000,000,130 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 10:51:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2011.09.21 17:10:43 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.12.19 14:27:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.04 15:06:04 | 000,008,831 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009.01.17 15:57:07 | 000,007,268 | ---- | C] () -- C:\Users\andrea\AppData\Local\d3d9caps.dat [2008.03.21 19:10:47 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.03.13 13:11:06 | 000,000,258 | ---- | C] () -- C:\Users\andrea\AppData\Roaming\iPod Access v4 Prefs [2008.03.13 13:03:56 | 000,000,010 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\iPodAccess_Time [2008.03.02 17:35:54 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Local\mxfilerelatedcache.mxc2 [2008.03.02 17:35:34 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\mxfilerelatedcache.mxc2 [2008.02.13 17:23:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.13 21:28:56 | 000,111,258 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat [2008.01.09 13:20:05 | 000,011,264 | ---- | C] () -- C:\Users\andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.31 09:37:50 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Babylon [2008.01.15 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DAEMON Tools Pro [2013.05.31 09:37:37 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Delta [2008.03.16 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DesktopSMS [2013.06.05 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Dropbox [2011.09.16 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DVDVideoSoft [2009.11.18 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\EPSON [2010.05.28 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\FocusDVD [2008.03.21 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\MAGIX [2008.02.14 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Radmin [2008.03.16 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Toshiba [2008.06.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TrueCrypt [2008.01.15 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TuneUp Software [2008.11.23 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WEB.DE [2013.05.30 14:19:52 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WinPatrol ========== Purity Check ========== < End of report > |
05.06.2013, 12:44 | #52 |
/// the machine /// TB-Ausbilder | Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen?Fixen mit OTL
Code:
ATTFilter :OTL PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=119556&tt=300513_ctrl&babsrc=SP_ss_din2g&mntrId=9EA20013E8CB3E29 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BLPV5&o=13153&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^S2&apn_dtid=^smt001^YY^DE&apn_uid=d1e5afc4-6f38-46d7-acac-8bfc13328ebe&apn_sauid=F908CFFD-9DF9-45E3-9823-CF14F7706054 FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true [2013.05.30 14:26:06 | 000,002,337 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\askcom.xml [2013.05.31 09:37:31 | 000,006,511 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\babylon.xml [2013.05.31 09:37:55 | 000,001,294 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\delta.xml O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () [2013.05.31 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.31 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.05.31 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Delta [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Babylon [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.30 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\APN [2013.05.30 14:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.05.31 09:37:50 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Babylon [2013.05.31 09:37:37 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Delta :files E:\1b371942ca3c183f7b0cd2ac :Commands [emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.06.2013, 10:49 | #53 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Hey, ich habe das jetzt dreimal probiert. Mein Rechner stürzt jedes Mal dabei ab :-(. Irgendwie läuft der seit Tagen auch echt langsam und hängt oft. |
06.06.2013, 11:41 | #54 |
/// the machine /// TB-Ausbilder | Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Lass mal das :Commands [emptytemp] weg im Fix und versuch es nochmal.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.06.2013, 16:37 | #55 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Klappt leider auch nicht. Der hängt sich immer wieder auf :-( |
06.06.2013, 16:39 | #56 |
/// the machine /// TB-Ausbilder | Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Manchmal geht mir OTL so richtig auf die Eier..... mach mal bitte nen neuen Scan mit OTL und poste das Log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.06.2013, 15:11 | #57 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Jo, und mir erst! OTL hat mir jetzt nach zweimal ausprobieren immer nur Otl.txt ausgespuckt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.06.2013 15:34:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrea\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,57% Memory free 4,23 Gb Paging File | 2,97 Gb Available in Paging File | 70,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 21,84 Gb Free Space | 23,45% Space Free | Partition Type: NTFS Drive E: | 91,69 Gb Total Space | 71,56 Gb Free Space | 78,05% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Programme\FilesFrog Update Checker\update_checker.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.05.15 21:24:20 | 000,929,792 | ---- | M] (Silicon Motion) -- C:\Programme\Silicon Motion\USB2.0 UVC WebCam\STIMON.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.06.13 07:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.07 13:30:40 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2007.05.23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007.05.22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007.04.16 07:04:49 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0\bin\jusched.exe PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006.11.14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.09.07 13:05:03 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.09.07 13:04:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.09.07 13:04:37 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d0df9e2668ffa3fbd9b3298e4bf9d690\TCrdMain.ni.exe MOD - [2011.09.07 12:36:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.09.07 12:36:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.09.07 12:36:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.09.07 12:35:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll MOD - [2011.09.07 12:35:44 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll MOD - [2011.09.07 12:35:09 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll MOD - [2011.09.07 12:34:50 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll MOD - [2011.09.07 12:34:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.09.07 12:34:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.11.25 01:34:49 | 001,736,528 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll MOD - [2008.07.27 20:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.07.27 20:03:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2008.01.04 11:12:10 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2728.28937__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2728.29164__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2728.28895__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2728.28951__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2728.29157__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2728.28930__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2728.28950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2728.28915__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.01.04 11:12:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2728.29192__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.01.04 11:12:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2728.29115__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2728.29124__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2728.29185__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2728.29198__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2728.29131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.01.04 11:11:44 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2728.28909__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2728.29123__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2728.29184__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,917,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2728.29159__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2728.29061__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2728.28964__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2728.29052__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2728.28916__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2728.29145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2728.29044__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2728.28971__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2728.28957__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2728.29082__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2728.28970__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2728.29081__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.01.04 11:11:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.01.04 11:11:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.01.04 11:11:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.01.04 11:11:42 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.01.04 11:11:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.01.04 11:11:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.01.04 11:11:36 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2728.29169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.01.04 11:11:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2728.29220__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.01.04 11:11:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2728.28892__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.01.04 11:11:34 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2728.28903__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.01.04 11:11:34 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2728.28924__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.01.04 11:11:34 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2728.29169__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.01.04 11:11:34 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2728.29178__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2728.28894__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2728.29176__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2728.28894__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.01.04 11:11:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2728.28893__90ba9c70f846762e\AEM.Server.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2728.29177__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.01.04 11:11:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.06.21 11:27:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.05.31 16:38:22 | 000,958,464 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll MOD - [2007.05.31 11:12:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.04.23 10:38:08 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.11.09 18:27:06 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2013.05.27 11:48:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.17 13:42:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.15 13:33:07 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.09.04 12:59:02 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\andrea\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [File_System | Boot | Stopped] -- SYSTEM32\drivers\avgntmgr.sys -- (avgntmgr) DRV - File not found [File_System | System | Stopped] -- SYSTEM32\DRIVERS\avgntdd.sys -- (avgntdd) DRV - [2013.04.18 15:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2009.05.27 16:28:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 16:28:16 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 16:28:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.04.17 10:20:34 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.15 14:00:27 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtscsi.sys -- (dtscsi) DRV - [2008.01.15 12:55:40 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.06.21 11:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.27 21:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007.04.26 22:09:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR) DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 18:40:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 08:36:09 | 000,000,000 | ---D | M] [2008.08.28 11:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Extensions [2013.05.31 12:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Firefox\Profiles\4jlhvzgi.default\extensions [2013.05.27 23:37:21 | 000,001,050 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\11-suche.xml [2013.05.27 10:53:09 | 000,002,418 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\englische-ergebnisse.xml [2013.05.27 10:53:09 | 000,010,701 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\gmx-suche.xml [2013.05.27 10:53:09 | 000,002,432 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\lastminute.xml [2013.05.27 10:53:09 | 000,005,682 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\webde-suche.xml [2013.05.31 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.29 18:30:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1\ O1 HOSTS File: ([2013.05.27 17:00:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Users\andrea\Desktop\Unlocker\UnlockerAssistant.exe" File not found O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - Startup: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - Preispiraten.de - Preisvergleich File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00CCAFB6-0F5C-4CEF-8F4E-1470B893D116}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 14:19:46 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.05 11:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.03 17:01:10 | 003,715,248 | ---- | C] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.03 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.31 13:11:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Bafög Uni Osnabrück [2013.05.31 13:08:55 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Band [2013.05.31 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.31 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.05.31 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Delta [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Babylon [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.30 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\APN [2013.05.30 14:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.05.30 14:19:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\WinPatrol [2013.05.30 14:12:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\Desktop\PC Schutz [2013.05.30 14:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 14:09:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 14:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.05.30 08:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.05.29 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 18:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.05.29 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.05.29 18:09:29 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\WindowsUpdate [2013.05.29 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\Secunia PSI [2013.05.29 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013.05.29 16:56:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker [2013.05.27 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.27 16:45:03 | 000,000,000 | R--D | C] -- C:\Users\andrea\Desktop\Pictures [2013.05.27 16:44:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.27 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.27 10:53:05 | 000,000,000 | ---D | C] -- C:\Users\andrea\Local Settings [2013.05.27 10:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.27 10:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013.05.18 10:40:14 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Malwarebytes [2013.05.18 10:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2013.06.07 15:40:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.07 15:28:09 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.06.07 15:27:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.07 15:27:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.07 15:27:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.07 15:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.07 15:27:26 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.06.06 19:13:55 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.06 15:28:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{929C5347-AE8B-4470-A617-D957BEE3A63C}.job [2013.06.06 13:32:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.04 11:55:52 | 000,111,857 | ---- | M] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 17:01:10 | 003,715,248 | ---- | M] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:53 | 000,055,088 | ---- | M] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | M] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.06.01 15:00:20 | 000,000,957 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.31 10:36:05 | 000,008,831 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2013.05.31 10:30:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:16:40 | 000,340,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.27 18:22:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.27 18:22:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.27 18:22:38 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.27 18:22:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.27 17:39:53 | 000,000,130 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 17:00:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.27 14:49:58 | 268,499,548 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.17 19:18:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.05.16 14:30:02 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.05.13 17:43:14 | 000,002,637 | ---- | M] () -- C:\Users\andrea\Desktop\Microsoft Office Word 2007.lnk ========== Files Created - No Company Name ========== [2013.06.04 11:55:52 | 000,111,857 | ---- | C] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 14:07:53 | 000,055,088 | ---- | C] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | C] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.05.31 09:39:39 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:37:41 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.05.30 08:36:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2013.05.27 17:39:41 | 000,000,130 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 10:51:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2011.09.21 17:10:43 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.12.19 14:27:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.04 15:06:04 | 000,008,831 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009.01.17 15:57:07 | 000,007,268 | ---- | C] () -- C:\Users\andrea\AppData\Local\d3d9caps.dat [2008.03.21 19:10:47 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.03.13 13:11:06 | 000,000,258 | ---- | C] () -- C:\Users\andrea\AppData\Roaming\iPod Access v4 Prefs [2008.03.13 13:03:56 | 000,000,010 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\iPodAccess_Time [2008.03.02 17:35:54 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Local\mxfilerelatedcache.mxc2 [2008.03.02 17:35:34 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\mxfilerelatedcache.mxc2 [2008.02.13 17:23:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.13 21:28:56 | 000,111,258 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat [2008.01.09 13:20:05 | 000,011,264 | ---- | C] () -- C:\Users\andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.31 09:37:50 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Babylon [2008.01.15 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DAEMON Tools Pro [2013.05.31 09:37:37 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Delta [2008.03.16 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DesktopSMS [2013.06.07 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Dropbox [2011.09.16 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DVDVideoSoft [2009.11.18 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\EPSON [2010.05.28 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\FocusDVD [2008.03.21 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\MAGIX [2008.02.14 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Radmin [2008.03.16 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Toshiba [2008.06.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TrueCrypt [2008.01.15 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TuneUp Software [2008.11.23 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WEB.DE [2013.05.30 14:19:52 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WinPatrol ========== Purity Check ========== < End of report > |
07.06.2013, 15:12 | #58 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Jo, und mir erst! OTL hat mir jetzt nach zweimal ausprobieren immer nur Otl.txt ausgespuckt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.06.2013 15:34:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrea\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,57% Memory free 4,23 Gb Paging File | 2,97 Gb Available in Paging File | 70,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 21,84 Gb Free Space | 23,45% Space Free | Partition Type: NTFS Drive E: | 91,69 Gb Total Space | 71,56 Gb Free Space | 78,05% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2013.04.18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Programme\FilesFrog Update Checker\update_checker.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.05.15 21:24:20 | 000,929,792 | ---- | M] (Silicon Motion) -- C:\Programme\Silicon Motion\USB2.0 UVC WebCam\STIMON.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.06.13 07:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.07 13:30:40 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2007.05.23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007.05.22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007.04.16 07:04:49 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0\bin\jusched.exe PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006.11.14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.09.07 13:05:03 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.09.07 13:04:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.09.07 13:04:37 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d0df9e2668ffa3fbd9b3298e4bf9d690\TCrdMain.ni.exe MOD - [2011.09.07 12:36:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.09.07 12:36:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.09.07 12:36:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.09.07 12:35:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll MOD - [2011.09.07 12:35:44 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll MOD - [2011.09.07 12:35:09 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll MOD - [2011.09.07 12:34:50 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll MOD - [2011.09.07 12:34:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.09.07 12:34:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.11.25 01:34:49 | 001,736,528 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll MOD - [2008.07.27 20:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.07.27 20:03:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2008.01.04 11:12:10 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2728.28937__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2728.29164__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2728.28895__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2728.28951__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2728.29157__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2728.28930__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2728.28950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.01.04 11:12:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2728.28915__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.01.04 11:12:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2728.29192__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.01.04 11:12:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2728.29115__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2728.29124__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2728.29185__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2728.29198__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2728.29131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.01.04 11:11:44 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2728.28909__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2728.29123__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.01.04 11:11:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2728.29184__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,917,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2728.29159__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2728.29061__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2728.28964__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2728.29052__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2728.28916__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2728.29145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2728.29044__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2728.28971__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.01.04 11:11:43 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2728.28957__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2728.29082__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.01.04 11:11:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2728.28970__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2728.29081__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.01.04 11:11:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.01.04 11:11:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.01.04 11:11:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.01.04 11:11:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.01.04 11:11:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.01.04 11:11:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.01.04 11:11:42 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.01.04 11:11:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.01.04 11:11:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.01.04 11:11:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.01.04 11:11:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.01.04 11:11:36 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2728.29169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.01.04 11:11:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2728.29220__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.01.04 11:11:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2728.28892__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.01.04 11:11:34 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2728.28903__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.01.04 11:11:34 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2728.28924__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.01.04 11:11:34 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2728.29169__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.01.04 11:11:34 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2728.29178__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2728.28894__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2728.29176__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2728.28894__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.01.04 11:11:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2728.28893__90ba9c70f846762e\AEM.Server.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2728.29177__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.01.04 11:11:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.01.04 11:11:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.01.04 11:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.06.21 11:27:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.05.31 16:38:22 | 000,958,464 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll MOD - [2007.05.31 11:12:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.04.23 10:38:08 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.11.09 18:27:06 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - File not found [Auto | Stopped] -- C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2013.05.27 11:48:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.17 13:42:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2013.04.18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.10.24 18:42:29 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 18:42:25 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.15 13:33:07 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.09.04 12:59:02 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.05.17 21:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\andrea\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [File_System | Boot | Stopped] -- SYSTEM32\drivers\avgntmgr.sys -- (avgntmgr) DRV - File not found [File_System | System | Stopped] -- SYSTEM32\DRIVERS\avgntdd.sys -- (avgntdd) DRV - [2013.04.18 15:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2009.05.27 16:28:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 16:28:16 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 16:28:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.04.17 10:20:34 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.15 14:00:27 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtscsi.sys -- (dtscsi) DRV - [2008.01.15 12:55:40 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.06.21 11:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.27 21:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007.04.26 22:09:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR) DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 18:40:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 08:36:09 | 000,000,000 | ---D | M] [2008.08.28 11:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Extensions [2013.05.31 12:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrea\AppData\Roaming\mozilla\Firefox\Profiles\4jlhvzgi.default\extensions [2013.05.27 23:37:21 | 000,001,050 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\11-suche.xml [2013.05.27 10:53:09 | 000,002,418 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\englische-ergebnisse.xml [2013.05.27 10:53:09 | 000,010,701 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\gmx-suche.xml [2013.05.27 10:53:09 | 000,002,432 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\lastminute.xml [2013.05.27 10:53:09 | 000,005,682 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\mozilla\firefox\profiles\4jlhvzgi.default\searchplugins\webde-suche.xml [2013.05.31 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.29 18:30:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.27 11:48:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1\ O1 HOSTS File: ([2013.05.27 17:00:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Users\andrea\Desktop\Unlocker\UnlockerAssistant.exe" File not found O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - Startup: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - Preispiraten.de - Preisvergleich File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00CCAFB6-0F5C-4CEF-8F4E-1470B893D116}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\andrea\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 14:19:46 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.05 11:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.03 17:01:10 | 003,715,248 | ---- | C] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.03 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.31 13:11:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Bafög Uni Osnabrück [2013.05.31 13:08:55 | 000,000,000 | ---D | C] -- C:\Users\andrea\Documents\Band [2013.05.31 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.31 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.05.31 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Delta [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Babylon [2013.05.31 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.30 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\APN [2013.05.30 14:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.05.30 14:19:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\WinPatrol [2013.05.30 14:12:52 | 000,000,000 | ---D | C] -- C:\Users\andrea\Desktop\PC Schutz [2013.05.30 14:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 14:09:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 14:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.05.30 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.05.30 08:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.05.29 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 18:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.05.29 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.05.29 18:09:29 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\WindowsUpdate [2013.05.29 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Local\Secunia PSI [2013.05.29 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013.05.29 16:56:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.05.29 16:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker [2013.05.27 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.27 16:45:03 | 000,000,000 | R--D | C] -- C:\Users\andrea\Desktop\Pictures [2013.05.27 16:44:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.27 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.27 10:53:05 | 000,000,000 | ---D | C] -- C:\Users\andrea\Local Settings [2013.05.27 10:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.27 10:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013.05.27 10:51:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013.05.18 10:40:14 | 000,000,000 | ---D | C] -- C:\Users\andrea\AppData\Roaming\Malwarebytes [2013.05.18 10:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2013.06.07 15:40:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.07 15:28:09 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.06.07 15:27:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.07 15:27:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.07 15:27:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.07 15:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.07 15:27:26 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.06.06 19:13:55 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.06 15:28:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{929C5347-AE8B-4470-A617-D957BEE3A63C}.job [2013.06.06 13:32:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.06.05 11:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrea\Desktop\OTL.exe [2013.06.04 11:55:52 | 000,111,857 | ---- | M] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 17:01:10 | 003,715,248 | ---- | M] (Speedchecker Limited ) -- C:\Users\andrea\Documents\PCSUUpdate.exe [2013.06.03 14:07:53 | 000,055,088 | ---- | M] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | M] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.06.01 15:00:20 | 000,000,957 | ---- | M] () -- C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.31 10:36:05 | 000,008,831 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2013.05.31 10:30:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:16:40 | 000,340,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.27 18:22:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.27 18:22:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.27 18:22:38 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.27 18:22:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.27 17:39:53 | 000,000,130 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 17:00:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.27 14:49:58 | 268,499,548 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.17 19:18:13 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.05.16 14:30:02 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.05.13 17:43:14 | 000,002,637 | ---- | M] () -- C:\Users\andrea\Desktop\Microsoft Office Word 2007.lnk ========== Files Created - No Company Name ========== [2013.06.04 11:55:52 | 000,111,857 | ---- | C] () -- C:\Users\andrea\Desktop\Aufzeichnen.JPG [2013.06.03 14:07:53 | 000,055,088 | ---- | C] () -- C:\Users\andrea\Documents\PCSU_Update.exe [2013.06.03 14:06:07 | 002,086,240 | ---- | C] () -- C:\Users\andrea\Desktop\avira-free-antivirus.exe [2013.05.31 09:39:39 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.05.30 10:37:42 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.05.30 10:37:41 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.05.30 08:36:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2013.05.27 17:39:41 | 000,000,130 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.05.27 10:51:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2011.09.21 17:10:43 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.12.19 14:27:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.04 15:06:04 | 000,008,831 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009.01.17 15:57:07 | 000,007,268 | ---- | C] () -- C:\Users\andrea\AppData\Local\d3d9caps.dat [2008.03.21 19:10:47 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.03.13 13:11:06 | 000,000,258 | ---- | C] () -- C:\Users\andrea\AppData\Roaming\iPod Access v4 Prefs [2008.03.13 13:03:56 | 000,000,010 | -H-- | C] () -- C:\Users\andrea\AppData\Roaming\iPodAccess_Time [2008.03.02 17:35:54 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\AppData\Local\mxfilerelatedcache.mxc2 [2008.03.02 17:35:34 | 000,000,016 | -H-- | C] () -- C:\Users\andrea\mxfilerelatedcache.mxc2 [2008.02.13 17:23:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.13 21:28:56 | 000,111,258 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat [2008.01.09 13:20:05 | 000,011,264 | ---- | C] () -- C:\Users\andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.31 09:37:50 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\BabSolution [2013.05.31 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Babylon [2008.01.15 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DAEMON Tools Pro [2013.05.31 09:37:37 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Delta [2008.03.16 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DesktopSMS [2013.06.07 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Dropbox [2011.09.16 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\DVDVideoSoft [2009.11.18 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\EPSON [2010.05.28 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\FocusDVD [2008.03.21 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\MAGIX [2008.02.14 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Radmin [2008.03.16 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\Toshiba [2008.06.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TrueCrypt [2008.01.15 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\TuneUp Software [2008.11.23 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WEB.DE [2013.05.30 14:19:52 | 000,000,000 | ---D | M] -- C:\Users\andrea\AppData\Roaming\WinPatrol ========== Purity Check ========== < End of report > |
07.06.2013, 17:45 | #59 |
/// the machine /// TB-Ausbilder | Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? Dad machen wir jetzt anders Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.06.2013, 07:52 | #60 |
| Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2013 02 Ran by andrea (administrator) on 08-06-2013 08:46:11 Running from C:\Users\andrea\Desktop Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Agere Systems) C:\Windows\system32\agrsmsvc.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Somoto) C:\Program Files\FilesFrog Update Checker\update_checker.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Silicon Motion) C:\Program Files\Silicon Motion\USB2.0 UVC WebCam\STIMON.exe (Dropbox, Inc.) C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] () HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2006-03-22] (TOSHIBA) HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation) HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509496 2007-05-23] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation) HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x] HKLM\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894512 2007-06-08] (Synaptics, Inc.) HKLM\...\Run: [Skytel] Skytel.exe [x] HKLM\...\Run: [UnlockerAssistant] "C:\Users\andrea\Desktop\Unlocker\UnlockerAssistant.exe" [x] HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [77824 2007-04-16] (Sun Microsystems, Inc.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto [201808 2013-01-31] (Somoto) HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA) Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Start Menu\Programs\Startup\STIMON.lnk ShortcutTarget: STIMON.lnk -> C:\Program Files\Silicon Motion\USB2.0 UVC WebCam\STIMON.exe (Silicon Motion) Startup: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\andrea\AppData\Roaming\Mozilla\Firefox\Profiles\4jlhvzgi.default FF SearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR Extension: (Iminent) - C:\Users\andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1 ========================== Services (Whitelisted) ================= R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-24] (Avira GmbH) R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-24] (Avira GmbH) R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation) S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) S2 gupdate1c9e6e4bfd02130; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-06] (Google Inc.) S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-26] (Symantec Corporation) R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia) S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-01-15] (TuneUp Software GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) S2 AntiVirMailService; C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe [x] S2 AVEService; C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe [x] S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x] ==================== Drivers (Whitelisted) ==================== R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-27] (Avira GmbH) R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-27] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-27] (Avira GmbH) R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.) S3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2008-01-15] (DT Soft Ltd.) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-04-18] (Secunia) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2008-01-15] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-17] (AVIRA GmbH) S1 avgntdd; SYSTEM32\DRIVERS\avgntdd.sys [x] S0 avgntmgr; SYSTEM32\drivers\avgntmgr.sys [x] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 catchme; \??\C:\Users\andrea\AppData\Local\Temp\catchme.sys [x] S3 igfx; system32\DRIVERS\igdkmd32.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Tosrfcom; No ImagePath S3 TpChoice; system32\DRIVERS\TpChoice.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-08 08:45 - 2013-06-08 08:45 - 01358671 ____A (Farbar) C:\Users\andrea\Desktop\FRST.exe 2013-06-08 08:45 - 2013-06-08 08:45 - 00000000 ____D C:\FRST 2013-06-07 15:53 - 2013-06-07 15:53 - 00124392 ____A C:\Users\andrea\Desktop\OTL.Txt 2013-06-05 14:19 - 2013-06-05 14:19 - 00000000 ____D C:\_OTL 2013-06-05 11:33 - 2013-06-05 11:33 - 00602112 ____A (OldTimer Tools) C:\Users\andrea\Desktop\OTL.exe 2013-06-03 17:01 - 2013-06-03 17:01 - 03715248 ____A (Speedchecker Limited ) C:\Users\andrea\Documents\PCSUUpdate.exe 2013-06-03 14:07 - 2013-06-03 14:07 - 00055088 ____A C:\Users\andrea\Documents\PCSU_Update.exe 2013-06-03 14:06 - 2013-06-04 21:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-06-03 14:06 - 2013-06-03 14:06 - 02086240 ____A C:\Users\andrea\Desktop\avira-free-antivirus.exe 2013-06-01 10:04 - 2013-06-01 10:04 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-01 10:04 - 2013-06-01 10:04 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-05-31 13:11 - 2013-05-31 13:12 - 00000000 ____D C:\Users\andrea\Documents\Bafög Uni Osnabrück 2013-05-31 13:08 - 2013-05-31 13:09 - 00000000 ____D C:\Users\andrea\Documents\Band 2013-05-31 09:39 - 2013-05-31 10:30 - 00000862 ____A C:\Windows\System32\InstallUtil.InstallLog 2013-05-31 09:37 - 2013-06-04 21:39 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Delta 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Babylon 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Users\andrea\AppData\Roaming\BabSolution 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\ProgramData\Babylon 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Program Files\Delta 2013-05-30 14:24 - 2013-05-30 14:24 - 00000000 ____D C:\Users\andrea\AppData\Local\APN 2013-05-30 14:24 - 2013-05-30 14:24 - 00000000 ____D C:\ProgramData\Ask 2013-05-30 14:19 - 2013-05-30 14:19 - 00000000 ____D C:\Users\andrea\AppData\Roaming\WinPatrol 2013-05-30 14:12 - 2013-05-31 13:17 - 00000000 ____D C:\Users\andrea\Desktop\PC Schutz 2013-05-30 14:09 - 2013-05-30 14:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-30 14:09 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-05-30 08:35 - 2013-05-30 08:36 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-05-29 18:38 - 2013-05-29 18:40 - 00000000 ____D C:\Program Files\QuickTime 2013-05-29 18:36 - 2013-05-29 18:36 - 00000000 ____D C:\Program Files\Bonjour 2013-05-29 18:30 - 2013-05-29 18:30 - 00477616 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll 2013-05-29 18:30 - 2013-05-29 18:30 - 00162224 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe 2013-05-29 18:30 - 2013-05-29 18:30 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe 2013-05-29 18:30 - 2013-05-29 18:30 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe 2013-05-29 18:09 - 2013-05-29 18:09 - 00000000 ____D C:\Users\andrea\AppData\Local\WindowsUpdate 2013-05-29 18:07 - 2013-05-29 18:07 - 00000000 ____D C:\Users\andrea\AppData\Local\Secunia PSI 2013-05-29 18:07 - 2013-05-29 18:07 - 00000000 ____D C:\Program Files\Secunia 2013-05-29 17:47 - 2013-05-29 17:48 - 00001789 ____A C:\DelFix.txt 2013-05-29 16:29 - 2013-05-29 16:29 - 00000000 ____D C:\Program Files\FilesFrog Update Checker 2013-05-27 17:50 - 2013-05-29 17:47 - 00000000 ____D C:\Windows\ERUNT 2013-05-27 17:39 - 2013-05-27 17:39 - 00000130 ____A C:\Windows\DeleteOnReboot.bat 2013-05-27 16:44 - 2013-05-27 17:02 - 00000000 ____D C:\Windows\erdnt 2013-05-27 14:50 - 2013-05-27 14:50 - 00138720 ____A C:\Windows\Minidump\Mini052713-01.dmp 2013-05-27 11:47 - 2013-05-31 09:38 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-05-27 10:53 - 2013-05-27 10:53 - 00000000 ____D C:\Program Files\7-Zip 2013-05-27 10:51 - 2013-05-27 10:52 - 00000000 ____D C:\Windows\System32\jmdp 2013-05-27 10:51 - 2013-05-27 10:51 - 00000000 ____D C:\Windows\System32\ARFC 2013-05-27 10:51 - 2013-05-16 14:30 - 00028160 ____A C:\Windows\System32\ImHttpComm.dll 2013-05-27 10:51 - 2013-05-16 14:02 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll 2013-05-27 10:51 - 2013-05-16 14:02 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll 2013-05-27 10:51 - 2013-05-16 14:02 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll 2013-05-27 10:51 - 2013-05-16 14:02 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest 2013-05-18 10:40 - 2013-05-18 10:40 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Malwarebytes 2013-05-18 10:39 - 2013-05-18 10:39 - 00000000 ____D C:\ProgramData\Malwarebytes ==================== One Month Modified Files and Folders ======== 2013-06-08 08:45 - 2013-06-08 08:45 - 01358671 ____A (Farbar) C:\Users\andrea\Desktop\FRST.exe 2013-06-08 08:45 - 2013-06-08 08:45 - 00000000 ____D C:\FRST 2013-06-08 08:42 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-08 08:42 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-08 08:40 - 2012-04-24 17:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-08 08:36 - 2008-01-04 11:10 - 01416451 ____A C:\Windows\WindowsUpdate.log 2013-06-08 08:30 - 2008-01-04 12:43 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{929C5347-AE8B-4470-A617-D957BEE3A63C}.job 2013-06-08 08:29 - 2009-11-04 14:36 - 00000000 ___RD C:\Users\andrea\Documents\My Dropbox 2013-06-08 08:29 - 2009-11-04 14:34 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Dropbox 2013-06-08 08:26 - 2009-07-02 16:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-08 08:24 - 2008-04-16 12:59 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-06-08 08:24 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-07 16:13 - 2006-11-02 15:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-07 16:08 - 2009-07-02 16:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-07 15:53 - 2013-06-07 15:53 - 00124392 ____A C:\Users\andrea\Desktop\OTL.Txt 2013-06-06 13:32 - 2009-06-06 22:23 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job 2013-06-05 14:19 - 2013-06-05 14:19 - 00000000 ____D C:\_OTL 2013-06-05 11:33 - 2013-06-05 11:33 - 00602112 ____A (OldTimer Tools) C:\Users\andrea\Desktop\OTL.exe 2013-06-05 11:30 - 2006-11-02 12:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-04 21:39 - 2013-06-03 14:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-06-04 21:39 - 2013-05-31 09:37 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-06-04 21:39 - 2008-04-17 17:57 - 01347526 ____A C:\Windows\PFRO.log 2013-06-03 17:01 - 2013-06-03 17:01 - 03715248 ____A (Speedchecker Limited ) C:\Users\andrea\Documents\PCSUUpdate.exe 2013-06-03 14:07 - 2013-06-03 14:07 - 00055088 ____A C:\Users\andrea\Documents\PCSU_Update.exe 2013-06-03 14:06 - 2013-06-03 14:06 - 02086240 ____A C:\Users\andrea\Desktop\avira-free-antivirus.exe 2013-06-01 16:46 - 2011-07-14 12:23 - 00000000 ____D C:\Users\andrea\AppData\Roaming\vlc 2013-06-01 10:10 - 2008-11-16 16:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-01 10:04 - 2013-06-01 10:04 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-01 10:04 - 2013-06-01 10:04 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-05-31 13:52 - 2011-09-19 17:14 - 00000000 ____D C:\Users\andrea\Desktop\Programme 2013-05-31 13:17 - 2013-05-30 14:12 - 00000000 ____D C:\Users\andrea\Desktop\PC Schutz 2013-05-31 13:14 - 2010-11-07 14:02 - 00000000 ____D C:\Users\andrea\Documents\Uni 2013-05-31 13:12 - 2013-05-31 13:11 - 00000000 ____D C:\Users\andrea\Documents\Bafög Uni Osnabrück 2013-05-31 13:09 - 2013-05-31 13:08 - 00000000 ____D C:\Users\andrea\Documents\Band 2013-05-31 13:07 - 2011-09-19 15:55 - 00000000 ____D C:\Users\andrea\Documents\Sportpsychologie 2013-05-31 12:59 - 2009-07-14 21:29 - 00000000 ____D C:\Users\andrea\Documents\Bergsteigen 2009 2013-05-31 12:56 - 2011-01-06 01:53 - 00000000 ____D C:\Users\andrea\Documents\Bücher 2013-05-31 12:55 - 2011-09-19 15:50 - 00000000 ____D C:\Users\andrea\Desktop\Diplomprüfung! 2013-05-31 12:48 - 2011-09-12 19:30 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Skype 2013-05-31 12:48 - 2009-12-19 14:18 - 00000000 ____D C:\ProgramData\Skype 2013-05-31 11:03 - 2010-12-18 16:08 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-05-31 11:03 - 2008-08-31 11:25 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-05-31 10:38 - 2007-04-16 08:23 - 00000000 ____D C:\ProgramData\Symantec 2013-05-31 10:38 - 2007-04-16 08:23 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-05-31 10:36 - 2009-11-04 15:06 - 00008831 ____A C:\ProgramData\LUUnInstall.LiveUpdate 2013-05-31 10:35 - 2007-04-16 08:23 - 00000000 ____D C:\Program Files\Symantec 2013-05-31 10:30 - 2013-05-31 09:39 - 00000862 ____A C:\Windows\System32\InstallUtil.InstallLog 2013-05-31 10:12 - 2008-03-13 10:48 - 00000000 ____D C:\ProgramData\EPSON 2013-05-31 10:11 - 2007-04-16 07:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-05-31 09:49 - 2008-01-17 13:47 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-05-31 09:38 - 2013-05-27 11:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Delta 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Babylon 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Users\andrea\AppData\Roaming\BabSolution 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\ProgramData\Babylon 2013-05-31 09:37 - 2013-05-31 09:37 - 00000000 ____D C:\Program Files\Delta 2013-05-30 14:24 - 2013-05-30 14:24 - 00000000 ____D C:\Users\andrea\AppData\Local\APN 2013-05-30 14:24 - 2013-05-30 14:24 - 00000000 ____D C:\ProgramData\Ask 2013-05-30 14:19 - 2013-05-30 14:19 - 00000000 ____D C:\Users\andrea\AppData\Roaming\WinPatrol 2013-05-30 14:09 - 2013-05-30 14:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-30 10:25 - 2008-01-04 12:24 - 00093464 ____A C:\Users\andrea\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-30 10:22 - 2008-01-17 13:51 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Apple Computer 2013-05-30 10:16 - 2006-11-02 14:47 - 00340040 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 09:13 - 2008-11-16 16:34 - 00000000 ____D C:\Program Files\Microsoft Works 2013-05-30 09:13 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-05-30 08:36 - 2013-05-30 08:35 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-05-30 08:36 - 2010-09-25 12:34 - 00000000 ____D C:\ProgramData\Adobe 2013-05-30 08:35 - 2008-01-04 14:40 - 00000000 ____D C:\Users\andrea\AppData\Local\Adobe 2013-05-30 08:35 - 2007-04-16 08:30 - 00000000 ____D C:\Program Files\Adobe 2013-05-29 18:40 - 2013-05-29 18:38 - 00000000 ____D C:\Program Files\QuickTime 2013-05-29 18:36 - 2013-05-29 18:36 - 00000000 ____D C:\Program Files\Bonjour 2013-05-29 18:35 - 2008-01-17 13:47 - 00000000 ____D C:\ProgramData\Apple 2013-05-29 18:34 - 2008-01-04 12:24 - 00000000 ____D C:\users\andrea 2013-05-29 18:30 - 2013-05-29 18:30 - 00477616 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll 2013-05-29 18:30 - 2013-05-29 18:30 - 00162224 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe 2013-05-29 18:30 - 2013-05-29 18:30 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe 2013-05-29 18:30 - 2013-05-29 18:30 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe 2013-05-29 18:30 - 2010-06-26 10:04 - 00473520 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll 2013-05-29 18:30 - 2007-04-16 07:04 - 00000000 ____D C:\Program Files\Java 2013-05-29 18:09 - 2013-05-29 18:09 - 00000000 ____D C:\Users\andrea\AppData\Local\WindowsUpdate 2013-05-29 18:07 - 2013-05-29 18:07 - 00000000 ____D C:\Users\andrea\AppData\Local\Secunia PSI 2013-05-29 18:07 - 2013-05-29 18:07 - 00000000 ____D C:\Program Files\Secunia 2013-05-29 17:48 - 2013-05-29 17:47 - 00001789 ____A C:\DelFix.txt 2013-05-29 17:47 - 2013-05-27 17:50 - 00000000 ____D C:\Windows\ERUNT 2013-05-29 16:52 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini 2013-05-29 16:29 - 2013-05-29 16:29 - 00000000 ____D C:\Program Files\FilesFrog Update Checker 2013-05-28 21:24 - 2008-04-24 12:18 - 00000074 ____A C:\Users\andrea\AppData\default.pls 2013-05-27 23:47 - 2010-08-07 20:25 - 00000000 ____D C:\Windows\pss 2013-05-27 18:22 - 2006-11-02 12:33 - 01445116 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-27 17:39 - 2013-05-27 17:39 - 00000130 ____A C:\Windows\DeleteOnReboot.bat 2013-05-27 17:05 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default 2013-05-27 17:05 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public 2013-05-27 17:02 - 2013-05-27 16:44 - 00000000 ____D C:\Windows\erdnt 2013-05-27 16:07 - 2012-05-07 20:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-05-27 14:50 - 2013-05-27 14:50 - 00138720 ____A C:\Windows\Minidump\Mini052713-01.dmp 2013-05-27 14:50 - 2008-04-18 02:40 - 00000000 ____D C:\Windows\Minidump 2013-05-27 14:49 - 2009-07-14 12:43 - 00000000 ____D C:\Users\Public\Documents\Symantec 2013-05-27 14:49 - 2008-04-18 02:39 - 268499548 ____A C:\Windows\MEMORY.DMP 2013-05-27 10:53 - 2013-05-27 10:53 - 00000000 ____D C:\Program Files\7-Zip 2013-05-27 10:52 - 2013-05-27 10:51 - 00000000 ____D C:\Windows\System32\jmdp 2013-05-27 10:51 - 2013-05-27 10:51 - 00000000 ____D C:\Windows\System32\ARFC 2013-05-18 11:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration 2013-05-18 10:40 - 2013-05-18 10:40 - 00000000 ____D C:\Users\andrea\AppData\Roaming\Malwarebytes 2013-05-18 10:39 - 2013-05-18 10:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-17 19:18 - 2008-01-15 13:33 - 00000392 ____A C:\Windows\Tasks\1-Klick-Wartung.job 2013-05-17 13:40 - 2012-04-24 17:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-17 13:40 - 2011-10-08 13:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-16 14:30 - 2013-05-27 10:51 - 00028160 ____A C:\Windows\System32\ImHttpComm.dll 2013-05-16 14:02 - 2013-05-27 10:51 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll 2013-05-16 14:02 - 2013-05-27 10:51 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll 2013-05-16 14:02 - 2013-05-27 10:51 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll 2013-05-16 14:02 - 2013-05-27 10:51 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest 2013-05-16 14:02 - 2011-02-19 23:03 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll 2013-05-16 14:02 - 2011-02-19 00:40 - 00773968 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll 2013-05-13 17:43 - 2008-11-16 16:36 - 00002637 ____A C:\Users\andrea\Desktop\Microsoft Office Word 2007.lnk Files to move or delete: ==================== C:\Users\Public\Firefox Setup 2.0.0.12.exe C:\Users\Public\IPODACCESS_SETUP.EXE C:\ProgramData\firstlsp.reg.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-06-08 08:36 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2013 02 Ran by andrea at 2013-06-08 08:47:21 Run: Running from C:\Users\andrea\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe Reader 9.5.0 - Deutsch (Version: 9.5.0) ATI Catalyst Install Manager (Version: 3.0.641.0) AVI Media Player 1.0.1 Avira AntiVir Personal - Free Antivirus Avira AntiVir PersonalEdition Premium Bluetooth Stack for Windows by Toshiba (Version: v5.10.06(T)) Bonjour (Version: 3.0.0.10) BrowserProtect Bundled software uninstaller Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.1.0.0) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Full Existing (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Full New (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Light (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Previews Common (Version: 2007.0621.1715.28924) Catalyst Control Center Graphics Previews Vista (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Chinese Standard (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Chinese Traditional (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Czech (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Danish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Dutch (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Finnish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization French (Version: 2007.0621.1715.28924) Catalyst Control Center Localization German (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Greek (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Hungarian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Italian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Japanese (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Korean (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Norwegian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Polish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Portuguese (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Russian (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Spanish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Swedish (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Thai (Version: 2007.0621.1715.28924) Catalyst Control Center Localization Turkish (Version: 2007.0621.1715.28924) CCC Help Chinese Standard (Version: 2007.0621.1714.28924) CCC Help Chinese Traditional (Version: 2007.0621.1714.28924) CCC Help Czech (Version: 2007.0621.1714.28924) CCC Help Danish (Version: 2007.0621.1714.28924) CCC Help Dutch (Version: 2007.0621.1714.28924) CCC Help English (Version: 2007.0621.1714.28924) CCC Help Finnish (Version: 2007.0621.1714.28924) CCC Help French (Version: 2007.0621.1714.28924) CCC Help German (Version: 2007.0621.1714.28924) CCC Help Greek (Version: 2007.0621.1714.28924) CCC Help Hungarian (Version: 2007.0621.1714.28924) CCC Help Italian (Version: 2007.0621.1714.28924) CCC Help Japanese (Version: 2007.0621.1714.28924) CCC Help Korean (Version: 2007.0621.1714.28924) CCC Help Norwegian (Version: 2007.0621.1714.28924) CCC Help Polish (Version: 2007.0621.1714.28924) CCC Help Portuguese (Version: 2007.0621.1714.28924) CCC Help Russian (Version: 2007.0621.1714.28924) CCC Help Spanish (Version: 2007.0621.1714.28924) CCC Help Swedish (Version: 2007.0621.1714.28924) CCC Help Thai (Version: 2007.0621.1714.28924) CCC Help Turkish (Version: 2007.0621.1714.28924) ccc-core-static (Version: 2007.0621.1715.28924) ccc-utility (Version: 2007.0621.1715.28924) CD/DVD Drive Acoustic Silencer (Version: 2.00.02) Delta Chrome Toolbar Delta toolbar (Version: 1.8.21.5) Dropbox (Version: 2.0.22) DVD MovieFactory for TOSHIBA (Version: 5.3) DVD Shrink 3.2 Emdedded IR Driver (Version: 0.0.0.6C) Fahren Lernen Offline 1.2 FilesFrog Update Checker Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1) Free YouTube Download version 3.0.14.908 Google Chrome (Version: 27.0.1453.110) Google Earth (Version: 7.0.3.8542) Google Update Helper (Version: 1.3.21.145) Google Updater (Version: 2.4.2432.1652) Intel Matrix Storage Manager Java Auto Updater (Version: 2.0.6.1) Java(TM) 6 Update 45 (Version: 6.0.450) Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0) LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68) LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5) MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835) MAGIX Foto Suite 1.12.0.89 (D) (Version: 1.12.0.89) MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft XML Parser (Version: 8.0.7820.0) Microsoft XML Parser (Version: 8.20.8730.4) MobileMe Control Panel (Version: 2.5.0.28) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 7 Premium (Version: 7.02.9753) neroxml (Version: 1.0.0) PDF-XChange 3 phase6_19 (Version: 1.90.0000) QuickTime (Version: 7.74.80.86) Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5433) Secunia PSI (3.0.0.7009) (Version: 3.0.0.7009) Skins (Version: 2007.0621.1715.28924) SPSS 15.0 für Windows [Auswertung Version] (Version: 15.0.1) Synaptics Pointing Device Driver (Version: 10.0.1.0) Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001) TIPCI (Version: 2.00.0001) TOSHIBA Assist (Version: 2.01.02) TOSHIBA ConfigFree (Version: 7.00.29) TOSHIBA Disc Creator (Version: 2.0.0.8) TOSHIBA DVD PLAYER (Version: 1.00.24A) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C) TOSHIBA Hardware Setup (Version: 1.48.0.11C) Toshiba Online Product Information (Version: 1.00.0009) TOSHIBA SD Memory Utilities (Version: 1.8.1.1) TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD03)) TOSHIBA Supervisor Password (Version: 1.48.0.8C) TOSHIBA Supervisorkennwort (Version: 1.48.0.8C) TOSHIBA Value Added Package (Version: 1.0.24) TuneUp Utilities 2008 (Version: 7.0.7986) Uninstall 1.0.0.1 Unlocker 1.9.1 (Version: 1.9.1) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) USB2.0 UVC WebCam (Version: 5.3.0.7) Utility Common Driver (Version: 0.0.1.1C) VCRedistSetup (Version: 1.0.0) VLC media player 2.0.6 (Version: 2.0.6) Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe (Version: 9.00.3374) WinRAR ==================== Restore Points ========================= 04-06-2013 09:46:36 Windows Update 05-06-2013 09:26:05 Windows Update 06-06-2013 10:43:56 Geplanter Prüfpunkt 07-06-2013 13:43:15 Windows Update ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/06/2013 07:48:59 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/06/2013 05:38:17 PM) (Source: Application Hang) (User: ) Description: Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1124 Anfangszeit: 01ce629bc1ff0ead Zeitpunkt der Beendigung: 16 Error: (06/06/2013 11:07:34 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 370035 Error: (06/06/2013 11:07:34 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 370035 Error: (06/06/2013 11:07:34 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/06/2013 10:57:48 AM) (Source: Application Hang) (User: ) Description: Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 14a4 Anfangszeit: 01ce628412383001 Zeitpunkt der Beendigung: 0 Error: (06/05/2013 07:15:13 PM) (Source: Application Hang) (User: ) Description: Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c1c Anfangszeit: 01ce61e6d6d4594c Zeitpunkt der Beendigung: 0 Error: (06/04/2013 10:22:49 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/04/2013 09:59:26 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6239369 Error: (06/04/2013 09:59:26 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6239369 System errors: ============= Error: (06/08/2013 08:29:56 AM) (Source: Service Control Manager) (User: ) Description: Windows Update Error: (06/08/2013 08:25:58 AM) (Source: Service Control Manager) (User: ) Description: avgntdd avgntmgr Error: (06/08/2013 08:25:58 AM) (Source: Service Control Manager) (User: ) Description: AntiVir PersonalEdition Premium MailGuardAntiVir PersonalEdition Premium MailGuard Hilfsdienst%%2 Error: (06/08/2013 08:25:58 AM) (Source: Service Control Manager) (User: ) Description: TOSHIBA Bluetooth Service%%2 Error: (06/08/2013 08:25:58 AM) (Source: Service Control Manager) (User: ) Description: AntiVir PersonalEdition Premium MailGuard Hilfsdienst%%2 Error: (06/08/2013 08:25:58 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (06/08/2013 08:24:54 AM) (Source: ipnathlp) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.114 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (06/08/2013 08:24:54 AM) (Source: ipnathlp) (User: ) Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error: (06/08/2013 08:24:27 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (06/08/2013 08:24:18 AM) (Source: atikmdag) (User: ) Description: Unknown EDID version Microsoft Office Sessions: ========================= Error: (09/07/2011 00:27:25 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1741 seconds with 1260 seconds of active time. This session ended with a crash. Error: (07/05/2010 09:08:42 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/02/2009 05:28:03 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 396 seconds with 360 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-06-08 08:46:59.670 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:59.468 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:59.265 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:59.046 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:58.766 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:58.578 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:58.360 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-08 08:46:58.157 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-07 15:47:49.005 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-07 15:47:48.786 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 2045.69 MB Available physical RAM: 990.29 MB Total Pagefile: 4330.64 MB Available Pagefile: 2944.86 MB Total Virtual: 2047.88 MB Available Virtual: 1900.98 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:93.16 GB) (Free:21.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:91.69 GB) (Free:71.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: 612EBEDC) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=93 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
Themen zu Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen? |
antivir, avira, bho, bonjour, branding, computer, computern, converter, entfernen, error, firefox, flash player, home, install.exe, logfile, mozilla, mp3, plug-in, realtek, registry, scan, security, software, somoto, svchost.exe, sweetpacks, symantec, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, usb, vista, wie entfernen, wie entfernen?, ändern |