Pests of all kinds and how to combat them: wssetup.exe again and again at startup (Windows 7)
18.06.2013, 17:15 | #16 |
/// Malware-holic | OK, the uninstall list is still missing.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.06.2013, 18:06 | #17 |
| OK, but please don't ask me which of these I really need :-) |
19.06.2013, 18:30 | #18 |
/// Malware-holic | Where are the labels? Please label the entries according to the categories mentioned. |
28.06.2013, 17:14 | #19 |
|
Adobe AIR Adobe Systems Inc. 18.03.2011 2.0.3.13070 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 necessary
Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 18.05.2013 479MB 10.1.7 necessary
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 18.10.2012 11.6.7.637 necessary
AllShare Framework DMS Samsung 08.11.2012 32,9MB 1.3.06 necessary
AllShare Play 1.3.0.1211061557 Copyright 2012 SAMSUNG 08.11.2012 1.3.0.1211061557 necessary
Allway Sync version 12.0.12 Botkind Inc 24.03.2012 24,6MB unknown
Amazon.de Amazon EU S.a.r.L. 03.05.2011 unknown
Apple Application Support Apple Inc. 15.03.2013 62,7MB 2.3.3 necessary
Apple Mobile Device Support Apple Inc. 15.03.2013 25,2MB 6.1.0.13 necessary
Apple Software Update Apple Inc. 18.06.2011 2,25MB 2.1.3.127 necessary
Atheros Bluetooth Filter Driver Package Atheros Communications 04.04.2011 105KB 1.00.0004 unknown
Atheros Driver Installation Program Atheros 04.04.2011 9.2 unknown
AudibleManager Audible, Inc. 24.11.2012 2001550574.48.56.35788154 necessary
Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 04.04.2011 73,7MB v8.00.05(T) necessary
Bonjour Apple Inc. 18.10.2011 2,00MB 3.0.0.10 necessary
CCleaner Piriform 24.05.2013 4.02 necessary
Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 18.03.2011 5,57MB 15.4.5722.2 necessary
Corel Digital Studio SE Corel Corporation 05.04.2011 1,61GB 1.5.10.332 necessary
Corel WinDVD Corel Inc. 04.04.2011 294MB 10.0.5.822 necessary
cyberJack Base Components REINER SCT 04.05.2011 6.8.0 necessary
Dropbox Dropbox, Inc. 06.06.2013 2.0.22 necessary
Druckerdeinstallation für EPSON SX525WD Series SEIKO EPSON Corporation 19.02.2012 necessary
eBay eBay Inc. 03.05.2011 168KB 1.1.9 necessary
ENE CIR Receiver Driver ENE 05.04.2011 2.7.4.1 unknown
EPSON BX525WD Series Handbuch 14.03.2012 not necessary
EPSON BX525WD Series Netzwerk-Handbuch 14.03.2012 not necessary
EPSON BX525WD Series Printer Uninstall SEIKO EPSON Corporation 14.03.2012 needed
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 13.03.2012 2.2.3.0 needed
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION 13.03.2012 1.00.0000 needed
Epson Event Manager SEIKO EPSON CORPORATION 13.03.2012 38,7MB 2.40.0001 needed
EPSON Scan Seiko Epson Corporation 12.08.2011 needed
EpsonNet Print SEIKO EPSON CORPORATION 13.03.2012 2.4j needed
EpsonNet Setup 3.3 SEIKO EPSON CORPORATION 14.03.2012 3.3a needed
FormatFactory 2.95 Free Time 14.05.2012 2.95 needed
Foxit Reader 5.1 Foxit Corporation 07.03.2012 30,8MB 5.1.4.104 needed
Freemake Music Box Ellora Assets Corporation 30.01.2013 44,7MB 0.9.7 needed
FRITZ!Box USB-Fernanschluss AVM Berlin 20.12.2012 2.3.0.2 needed
Google Chrome Google Inc. 18.08.2011 27.0.1453.110 needed
Google Earth Google 26.03.2013 173MB 7.0.3.8542 needed
iCloud Apple Inc. 12.04.2013 81,9MB 2.1.2.8 needed
Intel(R) Management Engine Components Intel Corporation 7.0.0.1144 unknown
Intel(R) Processor Graphics Intel Corporation 8.15.10.2291 unknown
Intel(R) Rapid Storage Technology Intel Corporation 10.1.2.1004 unknown
Intelligent IP Installer ABUS Security-Center 06.06.2011 1.1.16.11 needed
iTunes Apple Inc. 15.03.2013 187MB 11.0.2.26 needed
Java 7 Update 21 Oracle 18.03.2013 129MB 7.0.210 needed
JDownloader 0.9 AppWork GmbH 14.10.2012 0.9 needed
JMicron Flash Media Controller Driver JMicron Technology Corp. 05.04.2011 1.0.57.2 unknown
K-Lite Codec Pack 8.4.0 (Basic) 18.08.2012 26,0MB 8.4.0 needed
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 15.06.2013 19,2MB 1.75.0.1300 not needed
maxdome Download Manager 4.1.300.78 Prosieben 05.05.2011 10,5MB 4.1.30078 needed
Mediaport 06.08.2011 needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.03.2011 38,8MB 4.0.30319 needed
Microsoft Office 2010 Microsoft Corporation 18.03.2011 6,40MB 14.0.4763.1000 needed
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 04.05.2011 14.0.4763.1000 needed
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 28.03.2012 14.0.5128.5002 needed
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 18.03.2011 7,75MB 9.0.21022 unknown
Microsoft Silverlight Microsoft Corporation 13.03.2013 100MB 5.1.20125.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 18.03.2011 1,69MB 3.1.0000 needed
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.08.2011 2,62MB 8.0.59193 needed
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 17.06.2011 572KB 8.0.61000 needed
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 04.05.2011 212KB 9.0.30729.4148 needed
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18.03.2011 788KB 9.0.30729 needed
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.06.2011 788KB 9.0.30729.6161 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.03.2011 596KB 9.0.30729 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.03.2011 596KB 9.0.30729.4148 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 needed
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 30.06.2011 11,0MB 10.0.30319 needed... I guess I need all the Visual C++ ones, right?
MobileMe Control Panel Apple Inc. 28.10.2011 12,9MB 3.1.8.0 needed
Mozilla Firefox 5.0.1 (x86 de) Mozilla 06.08.2011 31,1MB 5.0.1 needed
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 15.03.2012 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 15.03.2012 1,33MB 4.20.9876.0 unknown
MSXML 4.0 SP3 Parser Microsoft Corporation 29.06.2011 1,47MB 4.30.2100.0 unknown
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 14.07.2011 1,53MB 4.30.2107.0 unknown
NAVIGON Fresh 3.4.1 NAVIGON 15.05.2012 3.4.1 needed
Nero BackItUp 10 Nero AG 18.03.2011 109MB 5.6.11500.16.100 needed
Nero BurnRights 10 Nero AG 18.03.2011 6,14MB 4.2.10500.1.102 needed
Nero Express 10 Nero AG 18.03.2011 165MB 10.2.12000.21.100 needed
Nero InfoTool 10 Nero AG 18.03.2011 8,06MB 7.2.10400.5.100 needed
Nero MediaHub 10 Nero AG 18.03.2011 179MB 1.2.13300.36.100 needed
Nero Multimedia Suite 10 Essentials Nero AG 18.03.2011 767MB 10.5.14800 needed
Nero RescueAgent 10 Nero AG 18.03.2011 6,53MB 3.2.10800.9.100 needed
Nero StartSmart 10 Nero AG 18.03.2011 143MB 10.2.11600.14.100 needed
Nero Update Nero AG 18.03.2011 1,42MB 1.0.10300.25.0 needed
Norton Internet Security Symantec Corporation 17.10.2012 20.3.1.22 needed
NVIDIA 3D Vision Controller Driver 267.21 NVIDIA Corporation 04.04.2011 267.21 needed
NVIDIA Graphics Driver 267.21 NVIDIA Corporation 04.04.2011 267.21 needed
NVIDIA PhysX System Software 9.10.0514 NVIDIA Corporation 04.04.2011 9.10.0514 needed
Pando Media Booster Pando Networks Inc. 14.03.2012 5,46MB 2.6.0.6 unknown
Photo Service - powered by myphotobook myphotobook GmbH 18.03.2011 1.2.0-545 not needed
Pinnacle Instant DVD Recorder 18.03.2013 2.00.088 needed
Pinnacle Video Treiber Pinnacle Systems 20.03.2013 2,73MB 12.1.0.029 needed
PixiePack Codec Pack None 08.08.2011 17,2MB 1.1.1200.0 needed
PlayMemories Home Sony Corporation 14.12.2012 7.0.00.11271 needed
PlayReady PC Runtime amd64 Microsoft Corporation 18.03.2011 2,05MB 1.3.0 needed
PMB-Aktualisierungsprogramm Sony Corporation 29.06.2011 131MB 5.6.01.03300 needed
Presto! PageManager 9.00.11 SE Newsoft Technology Corporation 14.03.2012 9.00.11 needed
proDAD Heroglyph 2.5 18.03.2013 unknown
proDAD Vitascene 1.0 18.03.2013 unknown
QuickTime Apple Inc. 14.12.2012 73,1MB 7.73.80.64 needed
Radio.fx Tobit.Software 08.03.2013 needed
Radiotracker RapidSolution Software AG 08.08.2011 249MB 6.2.13700.0 needed
RealPlayer RealNetworks 08.04.2013 91,7MB 16.0.0 needed
Realtek Ethernet Controller Driver Realtek 04.04.2011 7.38.113.2011 needed
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.04.2011 6.0.1.6323 needed
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 04.04.2011 276KB 2.0.34.0 unknown
Roxio Express Labeler 3 Roxio 18.03.2013 19,6MB 3.2.1 needed
ScoreFitter Volume 1 Pinnacle Systems 18.03.2013 2,41MB 1.00.0000 needed
ScoreFitter Volume 2 Pinnacle Systems 18.03.2013 2,72MB 1.00.0000 needed
ShotOnline GamesCampus 15.03.2012 1.0 needed
Skype Toolbars Skype Technologies S.A. 04.03.2012 5,84MB 5.3.7555 not necessary
Skype™ 5.10 Skype Technologies S.A. 06.09.2012 19,4MB 5.10.116 needed
Spotify Spotify AB 14.12.2012 0.8.5.1333.g822e0de8 needed
StarMoney 7.0 Star Finanz GmbH 04.05.2011 7.0 needed
Studio 11 Pinnacle Systems 18.03.2013 11.0 needed
Studio 11 Bonus DVD Pinnacle Systems 18.03.2013 11.0.0.0 needed
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 eRightSoft 12.06.2011 39,4MB v2011.build.48 needed
Synaptics Pointing Device Driver Synaptics Incorporated 05.04.2011 46,4MB 15.2.11.1 unknown
TeamViewer 7 TeamViewer 27.04.2012 7.0.12979 needed
TOSHIBA Assist TOSHIBA CORPORATION 18.03.2011 4.02.02 needed
TOSHIBA Bulletin Board TOSHIBA Corporation 05.04.2011 2.0.16.64 needed
TOSHIBA ConfigFree TOSHIBA CORPORATION 04.04.2011 90,7MB 8.0.37 needed
TOSHIBA Disc Creator TOSHIBA Corporation 04.04.2011 19,1MB 2.1.0.6 for x64 needed
TOSHIBA eco Utility TOSHIBA Corporation 04.04.2011 12,4MB 1.2.24.64 needed
TOSHIBA Face Recognition TOSHIBA Corporation 05.04.2011 3.1.9.64 needed
TOSHIBA Flash Cards Support Utility TOSHIBA CORPORATION 04.04.2011 52,0KB 1.63.0.12C needed
TOSHIBA Hardware Setup TOSHIBA CORPORATION 04.04.2011 12,3MB 1.63.1.34C needed
TOSHIBA HDD Protection TOSHIBA Corporation 04.04.2011 13,9MB 2.2.1.13 needed
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 04.04.2011 55,0MB 3.1.64.7 needed
Toshiba Manuals TOSHIBA 04.04.2011 10.02 needed
TOSHIBA Media Controller TOSHIBA CORPORATION 04.04.2011 1.0.86.2 needed
TOSHIBA Media Controller Plug-in TOSHIBA CORPORATION 04.04.2011 4,89MB 1.0.6.1 needed
TOSHIBA Online Product Information TOSHIBA 18.03.2011 4.00.0008 needed
TOSHIBA PC Health Monitor TOSHIBA Corporation 04.04.2011 28,8MB 1.7.4.64 needed
TOSHIBA Recovery Media Creator TOSHIBA CORPORATION 04.04.2011 2.1.3.5109 needed
TOSHIBA Recovery Media Creator Reminder TOSHIBA 04.04.2011 460KB 1.00.0019 needed
TOSHIBA ReelTime TOSHIBA Corporation 05.04.2011 1.7.17.64 needed
TOSHIBA Remote Control Manager TOSHIBA CORPORATION 04.04.2011 3.0.6.1 needed
TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Corporation 04.04.2011 1.1.0 needed
TOSHIBA Service Station TOSHIBA 20.10.2011 2.2.9 needed
TOSHIBA Sleep Utility TOSHIBA Corporation 04.04.2011 1.4.2.7 needed
TOSHIBA Supervisor Password TOSHIBA CORPORATION 04.04.2011 2,12MB 1.63.51.2C needed
TOSHIBA TEMPRO Toshiba Europe GmbH 18.03.2011 11,3MB 3.35 needed
TOSHIBA Value Added Package TOSHIBA Corporation 04.04.2011 182MB 1.5.4.64 needed
TOSHIBA VIDEO PLAYER TOSHIBA Corporation 04.04.2011 4.00.6.08-A needed
TOSHIBA Web Camera Application TOSHIBA Corporation 04.04.2011 64,9MB 2.0.0.19 needed
TOSHIBA Wireless LAN Indicator TOSHIBA CORPORATION 04.04.2011 5,08MB 1.0.2 needed ... I think I need all the TOSHIBA programs? Since they were preinstalled on my laptop
Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 14.10.2012 2,76MB 1.1.0008 unnecessary
WildTangent Games WildTangent 18.03.2011 1.0.2.5 unknown
Winamp Nullsoft, Inc 16.12.2012 5.63 needed
Winamp Erkennungs-Plug-in Nullsoft, Inc 16.12.2012 75,0KB 1.0.0.1 needed
Windows Live Essentials Microsoft Corporation 15.04.2012 15.4.3555.0308 needed
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 18.03.2011 5,57MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 18.03.2011 5,57MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 18.03.2011 5,57MB 15.4.5722.2 unknown
WinPcap 4.1.2 CACE Technologies 03.04.2012 4.1.0.2001 unknown
WinRAR 4.11 (32-Bit) win.rar GmbH 16.05.2012 4.11.0 needed |
04.07.2013, 14:20 | #20 |
/// Malware-holic | Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "Use only certified plug-ins".
Security (Enhanced): check "Enhanced Security" and select all files.
Internet: everything here should be disabled. It is very insecure to open PDFs automatically, download them, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: remove the check mark at "Use JavaScript".
Updater: choose "Install automatically".
Apply / OK.
Uninstall: Amazon
Mozilla Firefox web browser in German | Faster, safer and customizable: install the upgrade.
Uninstall: Photo, Skype Toolbars
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop. |
04.07.2013, 18:35 | #21 |
| AdwCleaner Logfile: Code:
# AdwCleaner v2.304 - Datei am 04/07/2013 um 19:29:38 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Karin - KARIN-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Karin\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Wondershare
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Karin\AppData\Local\APN
Ordner Gelöscht : C:\Users\Karin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Karin\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16490
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\dewwd9ls.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [4125 octets] - [04/07/2013 19:29:38]
########## EOF - C:\AdwCleaner[S1].txt - [4185 octets] ##########
|
04.07.2013, 18:37 | #22 |
/// Malware-holic | Hi, HitmanPro - Download - Filepony. Download HitmanPro, double-click it, click Scan. Do not delete anything. Click Next, save the log and post it, or export it as XML, zip it and attach it. |
04.07.2013, 18:58 | #23 |
| Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

Computer name . . . . : KARIN-TOSH
Windows . . . . . . . : 6.1.1.7601.X64/8
User name . . . . . . : Karin-TOSH\Karin
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-07-04 19:42:54
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 23s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 54
Objects scanned . . . : 1.820.950
Files scanned . . . . : 47.480
Remnants scanned . . : 609.881 files / 1.163.589 keys

Suspicious files ____________________________________________________________
C:\windows\SysWOW64\GameMon.des
Size . . . . . . . : 3.993.576 bytes
Age . . . . . . . : 477.1 days (2012-03-14 16:40:58)
Entropy . . . . . : 7.9
SHA-256 . . . . . : D4CB77C01EFAF89E10349876210B82E3C8B9AAD162B79E97834C69461A0CAC4A
Product . . . . . : nProtect Game Monitor
Publisher . . . . : INCA Internet Co., Ltd.
Description . . . : nProtect Game Monitor Rev 1798
Version . . . . . : 2011.10.18.1
Copyright . . . . : Copyright ⓒ 2000-2007 INCA Internet
RSA Key Size . . . : 2048
Service . . . . . : npggsvc
Authenticode . . . : Valid
Fuzzy . . . . . . : 25.0
The file name extension of this program is not common.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\

Cookies _____________________________________________________________________
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\LFZTTLWN.txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\NK0ZHQ9X.txt
|
04.07.2013, 19:00 | #24 |
/// Malware-holic | wssetup.exe again and again at startup OK, then a fresh OTL log, please.
05.07.2013, 08:08 | #25 |
| wssetup.exe again and again at startup OTL Logfile: Code:
OTL logfile created on: 7/5/2013 8:48:14 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.91 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 42.93% Memory free
7.82 Gb Paging File | 5.29 Gb Available in Paging File | 67.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.09 Gb Total Space | 297.12 Gb Free Space | 66.16% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 405.58 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Drive Y: | 1863.51 Gb Total Space | 1688.09 Gb Free Space | 90.59% Space Free | Partition Type: NTFS

Computer Name: KARIN-TOSH | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Karin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Users\Karin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Users\Karin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe ()
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe (NewSoft Technology Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll ()
MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - C:\Users\Karin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Karin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll ()
MOD - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe (Samsung)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UDSS) -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
SRV - (PCLEPCI) -- C:\Windows\SysWOW64\drivers\Pclepci.sys (Pinnacle Systems GmbH)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.))
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130704.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130704.002\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130703.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{4AD0580B-9754-4E57-A7A5-10D6034B6780}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9A0FFD8F-1C8F-4DD2-B965-1490DC266F09}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.ebay.de/ws/eBayISAPI.dll?MyEbayBeta&&CurrentPage=MyeBayNextSelling&ssPageName=STRK%3AME%3ALNLK%3AMESEX&guest=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC EF E5 FD E2 F3 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {26AEE131-A4F6-4D1B-AA7F-9F4761C78219}
IE - HKCU\..\SearchScopes\{21AEC0A0-5FE1-489B-8BC3-B0F6173DEF5E}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{26AEE131-A4F6-4D1B-AA7F-9F4761C78219}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{65BA338C-C6AA-4B72-84A6-39E2CEF79936}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=5ECA3DD9-87F9-48BA-B59E-43552F099FAE&apn_sauid=450765A7-1853-43C3-B72B-9CDBF327C5C2
IE - HKCU\..\SearchScopes\{71AE751D-A42F-4865-B9C1-A262F753CD5B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{EAC515AF-4689-4EF2-B51A-23E680ADAB96}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013/07/05 08:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/20 10:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/10/17 16:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/04 18:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/04 18:27:42 | 000,000,000 | ---D | M]

[2013/07/04 18:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Extensions
[2013/07/04 18:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/25 11:28:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/01 09:53:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/24 10:43:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/04 18:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/07/04 18:42:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/20 10:49:33 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealDownloader = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: RealDownloader = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\

O1 HOSTS File: ([2013/06/15 11:13:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4:64bit: - 
HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE (NewSoft Technology Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [EPSON BX525WD Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE /FU "C:\Users\Karin\AppData\Local\Temp\E_SE2C4.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Karin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Karin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - 
{97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://nordost.mine.nu:8080/RtspVaPgDec.cab (RtspVaPgCtrlNew Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.) 
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin) O16 - DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://nordost.mine.nu:1024/AxViewer/AxMediaControl.cab (AxMediaControl Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6E4EC60-AD22-44DD-BF97-5EB0FC2D85A9}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/03/18 16:13:04 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n 
/i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{193E3B0D-2BA7-44D7-BEF1-DC8545885B0F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe 
/ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\System32\rundll32.exe" "C:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" 
--configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\SysWOW64\rundll32.exe" "C:\windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^maxdome Download Manager.lnk - C:\PROGRA~2\maxdome\DCBin\DCTRAY~1.EXE - () MsConfig:64bit - StartUpReg: AllShare Play - hkey= - key= - C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe (Samsung Electronics) MsConfig:64bit - StartUpReg: ApplePhotoStreams - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: AVMUSBFernanschluss - hkey= - key= - C:\Users\Karin\AppData\Local\Apps\2.0\O7QMQOJB.OJ4\HW7P25BT.Q5Y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) MsConfig:64bit - StartUpReg: com.apple.dav.bookmarks.daemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) MsConfig:64bit - StartUpReg: EPSON BX525WD Series - hkey= - key= - C:\windows\SysNative\spool\DRIVERS\x64\3\E_IATIGAU.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: Epson Stylus Office BX525WD(Netzwerk) - hkey= - key= - C:\windows\SysNative\spool\DRIVERS\x64\3\E_IATIGAU.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Scan Buttons - hkey= - key= - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE (NewSoft Technology Corporation) MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Sweetpacks Communicator - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/07/05 08:44:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{75CD63B5-73D1-4918-911D-A87403BBC82E} [2013/07/04 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013/07/04 19:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/07/04 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Mozilla [2013/07/04 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/07/04 18:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/07/04 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/07/04 18:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2013/07/04 08:40:38 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{5C6E1F06-71CC-4CB2-925E-FA2CD34EB142} [2013/07/03 08:47:44 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{941B14D7-C609-4585-A914-AD23992A9ED9} [2013/07/02 09:14:27 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{0F95850B-1407-4BEE-9993-50305E7B941D} [2013/07/01 10:11:15 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{CE53E804-E080-4419-A056-1E028924F2F3} [2013/06/30 11:05:17 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{05859069-139F-4EC8-A2E8-2CC262128071} [2013/06/29 09:48:52 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{C532EAE3-F32D-4284-87D3-0B5E9C02E293} [2013/06/28 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/06/28 09:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/06/28 09:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/06/28 09:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/06/28 09:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/06/28 09:48:01 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013/06/28 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013/06/28 09:23:19 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{23937DA5-D63C-4434-8D52-FB66C2DDA421} [2013/06/27 18:38:50 | 000,000,000 | ---D | C] -- C:\hausalarm [2013/06/27 10:35:51 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{3AF17AEA-D586-4198-A5C5-03EC8880B12A} [2013/06/26 10:04:36 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{177E0375-4641-4A38-94ED-F61316D85159} [2013/06/26 10:03:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013/06/25 16:04:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2013/06/25 16:04:15 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Samsung [2013/06/25 16:04:12 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Samsung [2013/06/25 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Karin\Documents\samsung [2013/06/25 16:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2013/06/25 16:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2013/06/25 16:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013/06/25 16:00:11 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll [2013/06/25 15:59:56 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\windows\SysWow64\dgderapi.dll [2013/06/25 15:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2013/06/25 15:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013/06/25 15:55:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/06/25 15:23:30 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{2B7A3672-13E6-4CDD-96AB-AD5D0F857E8D} [2013/06/22 11:05:45 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{1FB8176E-2F99-467A-AC76-4F577931009C} [2013/06/21 12:14:10 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{DA6AFF3B-6D05-426B-A1E4-9E69CFDF5E6A} [2013/06/20 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ghsw.info Inventarverwaltung [2013/06/20 18:54:09 | 000,665,600 | ---- | C] (Developer Express Inc.) -- C:\windows\SysWow64\dXDBGrid.dll [2013/06/20 18:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ghsw.info Inventarverwaltung [2013/06/20 18:54:08 | 000,315,392 | ---- | C] (Developer Express Inc.) 
-- C:\windows\SysWow64\dXDBInsp.dll [2013/06/20 18:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ghsw.info [2013/06/20 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{67963758-68CC-4C88-9043-E1A6569F8C69} [2013/06/20 10:51:01 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\RealNetworks [2013/06/20 10:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2013/06/20 10:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013/06/19 09:42:49 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{6C4F43BA-2217-475A-94F6-8DA4D3B15EEA} [2013/06/18 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{BDEAA8B6-AED6-4A97-AB2F-3B3718A5D929} [2013/06/18 10:31:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/17 17:31:11 | 000,000,000 | --SD | C] -- C:\ComboFix [2013/06/17 10:20:53 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{9D1E3AE6-9153-47F2-848B-E0CBAEA7F01C} [2013/06/16 11:32:09 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\{12043B84-A0B7-4222-8BBE-6D31109047E1} [2013/06/15 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes [2013/06/15 14:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/15 14:42:40 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Programs [2013/06/15 11:53:30 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/06/15 10:52:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/06/15 10:52:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/06/15 10:52:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/06/15 10:49:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/15 10:49:18 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/06/15 10:48:07 | 005,080,197 | R--- | C] (Swearware) -- C:\Users\Karin\Desktop\ComboFix.exe [2013/06/15 10:10:36 | 000,000,000 | ---D | C] -- 
05.07.2013, 14:29 | #26 |
/// Malware-holic | wssetup.exe keeps appearing at startup Hi, OTL fix. Fixing with OTL
Code:
:OTL
IE - HKCU\..\SearchScopes\{65BA338C-C6AA-4B72-84A6-39E2CEF79936}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=5ECA3DD9-87F9-48BA-B59E-43552F099FAE&apn_sauid=450765A7-1853-43C3-B72B-9CDBF327C5C2
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [EPSON BX525WD Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE /FU "C:\Users\Karin\AppData\Local\Temp\E_SE2C4.tmp" /EF "HKCU" File not found
:files
:Commands
[emptytemp]
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed. Test how the PC and the programs run in general.
05.07.2013, 17:08 | #27 |
| wssetup.exe keeps appearing at startup
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65BA338C-C6AA-4B72-84A6-39E2CEF79936}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65BA338C-C6AA-4B72-84A6-39E2CEF79936}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX525WD Series deleted successfully.
File C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE /FU "C:\Users\Karin\AppData\Local\Temp\E_SE2C4.tmp" /EF "HKCU" not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Karin
->Temp folder emptied: 24858853 bytes
->Temporary Internet Files folder emptied: 103915771 bytes
->Java cache emptied: 15291379 bytes
->FireFox cache emptied: 872309 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 832 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26909 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304945 bytes
RecycleBin emptied: 22305592 bytes

Total Files Cleaned = 200.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07052013_174818

Files\Folders moved on Reboot...
C:\Users\Karin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
05.07.2013, 17:12 | #28 |
/// Malware-holic | wssetup.exe keeps appearing at startup OK, then test once more, as stated below the script.
05.07.2013, 18:16 | #29 |
| wssetup.exe keeps appearing at startup Sorry, what do you mean by "test, as stated below the script"? With OTL? |
05.07.2013, 18:20 | #30 |
/// Malware-holic | wssetup.exe keeps appearing at startup Hi, read my last instructions through to the end; there is something more written below the OTL fix.