the SystemLook
SystemLook 30.07.11 by jpshortstuff
Log created at 18:52 on 07/10/2012 by Media
Administrator - Elevation successful
========== filefind ==========
Searching for "*dra64.exe*"
No files found.
Searching for "audio.dll"
No files found.
Searching for "sysproc86.sys"
No files found.
Searching for "local.ds"
No files found.
Searching for "ntos.exe"
No files found.
Searching for "oembios.exe"
No files found.
Searching for "twext.exe"
No files found.
Searching for "sdra64.exe"
No files found.
Searching for "pdfupd.exe"
No files found.
Searching for "video.dll"
No files found.
Searching for "sysproc32.sys"
No files found.
Searching for "user.ds"
No files found.
Searching for "idx.exe"
No files found.
========== folderfind ==========
Searching for "*lowsec*"
No folders found.
========== Regfind ==========
Searching for "sdra64"
No data found.
-= EOF =-
the OLT logs:
OTL logfile created on: 07.10.2012 18:58:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Media\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 55,47% Memory free
5,94 Gb Paging File | 4,57 Gb Available in Paging File | 76,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 75,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive E: | 145,97 Gb Total Space | 141,58 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Computer Name: MEDIA-PC | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012.10.07 18:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe
PRC - [2012.10.03 08:02:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.03 08:02:26 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.10.03 08:02:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.10.03 08:02:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.03 08:02:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Online Armor\oasrv.exe
PRC - [2012.10.02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Online Armor\oaui.exe
PRC - [2012.10.02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Online Armor\oahlp.exe
PRC - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Online Armor\oacat.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.01.31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.11.23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.11.16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.11.15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.04.24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\WLan\cvpnd.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
========== Modules (No Company Name) ========== MOD - [2011.01.31 13:17:32 | 000,129,408 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Plugins\nps.dll
MOD - [2011.01.31 13:15:08 | 002,551,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011.01.31 13:15:08 | 002,277,888 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011.01.31 13:15:08 | 000,912,384 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011.01.31 13:15:08 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll
MOD - [2011.01.31 13:15:08 | 000,026,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll
MOD - [2011.01.31 13:15:06 | 010,837,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011.01.31 13:15:06 | 008,151,040 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011.01.31 13:15:06 | 002,186,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011.01.31 13:15:06 | 001,283,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011.01.31 13:15:06 | 000,675,840 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011.01.31 13:15:06 | 000,339,456 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011.01.31 13:15:06 | 000,266,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011.01.31 13:15:06 | 000,190,464 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011.01.31 12:54:42 | 000,790,016 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011.01.31 12:52:56 | 000,345,088 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011.01.31 12:52:56 | 000,180,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2011.01.31 12:52:56 | 000,028,040 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2011.01.31 12:52:00 | 000,680,448 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010.11.15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2010.11.15 14:41:18 | 000,034,184 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2010.11.15 10:13:00 | 000,016,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2010.11.15 10:12:46 | 000,015,360 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2010.11.15 10:12:46 | 000,013,824 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2010.09.23 18:34:40 | 008,151,040 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2010.09.23 18:25:08 | 000,912,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2010.09.23 18:24:02 | 000,339,456 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2010.09.23 18:23:50 | 002,277,888 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll
========== Services (SafeList) ========== SRV - [2012.10.03 08:02:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.03 08:02:26 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.10.03 08:02:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.10.02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Online Armor\oacat.exe -- (OAcat)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\WLan\cvpnd.exe -- (CVPND)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.03 08:03:16 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.10.03 08:03:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.10.03 08:03:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.03 08:03:14 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.10.02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.10.02 15:02:34 | 000,031,768 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.10.02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.10.02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.06.20 06:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.17 10:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.04.15 04:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.04 19:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.12.17 12:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/redirectdomain ... &bmod=TSEAIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/ig/redirectdomain ... &bmod=TSEAIE - HKLM\..\SearchScopes,DefaultScope = {7D22A858-91B5-42B3-B7FF-CC25972FBA67}
IE - HKLM\..\SearchScopes\{7D22A858-91B5-42B3-B7FF-CC25972FBA67}: "URL" =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/redirectdomain ... &bmod=TSEAIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://search.avira.com/?l=dis&o=APN103 ... cale=de_DEIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/redirectdomain ... &bmod=TSEAIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://search.avira.com/?l=dis&o=APN103 ... cale=de_DEIE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/redirectdomain ... bmod=TSEA;IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.de/webhp?rls=igIE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..\SearchScopes,DefaultScope = {7D22A858-91B5-42B3-B7FF-CC25972FBA67}
IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..\SearchScopes\{3D503B17-8D68-4366-8CD3-6029C956910F}: "URL" =
http://websearch.ask.com/custom/java/re ... src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" =
http://127.0.0.1:4664/search&s=U2Zzl1bF ... uma-wfc?q={searchTerms}
IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..\SearchScopes\{7D22A858-91B5-42B3-B7FF-CC25972FBA67}: "URL" =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE340
IE - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.20 18:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.20 18:48:55 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -
http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -
http://www.amazon.de/exec/obidos/redire ... &site=home File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1691493883-1623390215-534660852-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848}
http://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C6D8DDC-9E94-44D5-9CAF-F6A0A5B02728}: NameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Programme\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c49f0a52-8689-11de-b896-0022fa13efe6}\Shell\AutoRun\command - "" = D:\winlog.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2012.10.07 18:57:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe
[2012.10.07 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.10.07 18:46:41 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.10.07 18:46:41 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.10.07 18:46:41 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.10.07 18:46:41 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.10.07 09:22:04 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\OnlineArmor
[2012.10.07 09:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2012.10.07 09:20:32 | 000,031,768 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2012.10.07 09:20:32 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2012.10.07 09:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2012.10.07 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2012.10.07 09:15:20 | 030,185,256 | ---- | C] (Emsisoft GmbH ) -- C:\Users\Media\Desktop\OnlineArmorSetup_6.0.exe
[2012.10.07 09:07:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Media\Desktop\dds.scr
[2012.10.06 16:23:07 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Malwarebytes
[2012.10.06 16:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 16:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 16:22:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 16:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.06 15:56:50 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Media\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.04 09:20:03 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\dvdcss
[2012.10.03 08:17:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Avira
[2012.10.03 08:13:27 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\AskToolbar
[2012.10.03 08:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.03 08:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.10.03 08:11:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.03 08:11:01 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.03 08:11:01 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.03 08:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.03 08:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.01 16:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Media\Desktop\*.tmp files -> C:\Users\Media\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012.10.07 19:00:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 18:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe
[2012.10.07 18:51:23 | 000,139,264 | ---- | M] () -- C:\Users\Media\Desktop\SystemLook.exe
[2012.10.07 18:46:18 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.10.07 18:46:17 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.10.07 18:46:17 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.10.07 18:46:17 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.10.07 18:46:17 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.10.07 18:41:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 18:13:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 18:13:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 18:13:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 18:13:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 18:09:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 18:07:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:07:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:07:36 | 3079,528,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 09:15:20 | 030,185,256 | ---- | M] (Emsisoft GmbH ) -- C:\Users\Media\Desktop\OnlineArmorSetup_6.0.exe
[2012.10.07 08:53:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Media\Desktop\dds.scr
[2012.10.06 16:22:56 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.06 15:57:36 | 000,001,895 | ---- | M] () -- C:\Users\Media\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.10.06 15:57:36 | 000,001,824 | ---- | M] () -- C:\Users\Media\Desktop\Avira DE-Cleaner.lnk
[2012.10.06 15:56:50 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Media\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.06 15:55:34 | 000,883,840 | ---- | M] () -- C:\Users\Media\Desktop\Avira-DE-Cleaner.exe
[2012.10.03 08:12:26 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.03 08:03:16 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.03 08:03:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.03 08:03:15 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.03 08:03:14 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.02 15:03:04 | 000,044,992 | ---- | M] () -- C:\Windows\System32\drivers\oahlp32.sys
[2012.10.02 15:02:34 | 000,031,768 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2012.10.02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2012.10.02 15:02:32 | 000,208,320 | ---- | M] () -- C:\Windows\System32\drivers\OADriver.sys
[2012.10.02 10:04:50 | 000,351,227 | ---- | M] () -- C:\Users\Media\Desktop\Fides et Ratio, - Johannes Paul II_ - Enzyklika, 14_ September 1998.mht
[2012.10.02 09:59:38 | 000,002,637 | ---- | M] () -- C:\Users\Media\Desktop\Microsoft Office Word 2003.lnk
[2012.10.01 18:59:33 | 000,224,529 | ---- | M] () -- C:\Users\Media\Desktop\klausurthemen relipäd..pdf
[2012.10.01 17:01:25 | 000,463,231 | ---- | M] () -- C:\Users\Media\Desktop\Bayerische Kirchengeschichte lang.pdf
[2012.10.01 17:00:39 | 000,471,423 | ---- | M] () -- C:\Users\Media\Desktop\Relipäd zsfg. 2.pdf
[2012.10.01 17:00:20 | 000,340,208 | ---- | M] () -- C:\Users\Media\Desktop\Relipäd Zsfg..pdf
[2012.10.01 16:33:24 | 000,002,665 | ---- | M] () -- C:\Users\Media\Desktop\Microsoft Office Excel 2003.lnk
[2012.09.27 20:17:11 | 000,142,135 | ---- | M] () -- C:\Users\Media\Desktop\1348746783.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Media\Desktop\*.tmp files -> C:\Users\Media\Desktop\*.tmp -> ]
========== Files Created - No Company Name ========== [2012.10.07 18:51:22 | 000,139,264 | ---- | C] () -- C:\Users\Media\Desktop\SystemLook.exe
[2012.10.07 09:20:32 | 000,208,320 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012.10.07 09:20:32 | 000,044,992 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2012.10.06 16:22:56 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.06 15:57:36 | 000,001,895 | ---- | C] () -- C:\Users\Media\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.10.06 15:57:36 | 000,001,824 | ---- | C] () -- C:\Users\Media\Desktop\Avira DE-Cleaner.lnk
[2012.10.06 15:54:49 | 000,883,840 | ---- | C] () -- C:\Users\Media\Desktop\Avira-DE-Cleaner.exe
[2012.10.05 07:38:32 | 007,811,698 | ---- | C] () -- C:\Users\Media\Desktop\Stefan Dettl_Summer Of Love_001_Stefan Dettl_Summer Of Love - Album .mp3
[2012.10.03 08:12:26 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.02 10:04:49 | 000,351,227 | ---- | C] () -- C:\Users\Media\Desktop\Fides et Ratio, - Johannes Paul II_ - Enzyklika, 14_ September 1998.mht
[2012.10.01 18:59:33 | 000,224,529 | ---- | C] () -- C:\Users\Media\Desktop\klausurthemen relipäd..pdf
[2012.10.01 17:01:25 | 000,463,231 | ---- | C] () -- C:\Users\Media\Desktop\Bayerische Kirchengeschichte lang.pdf
[2012.10.01 17:00:38 | 000,471,423 | ---- | C] () -- C:\Users\Media\Desktop\Relipäd zsfg. 2.pdf
[2012.10.01 17:00:19 | 000,340,208 | ---- | C] () -- C:\Users\Media\Desktop\Relipäd Zsfg..pdf
[2012.09.27 20:17:57 | 000,142,135 | ---- | C] () -- C:\Users\Media\Desktop\1348746783.jpg
[2012.07.12 19:04:30 | 000,000,000 | -H-- | C] () -- C:\Users\Media\AppData\Local\mxfilerelatedcache.mxc2
[2012.07.12 19:04:28 | 000,000,000 | -H-- | C] () -- C:\Users\Media\mxfilerelatedcache.mxc2
[2012.01.15 22:01:45 | 000,000,721 | ---- | C] () -- C:\Users\Media\test.mp4
[2011.03.27 19:27:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.02 21:13:58 | 000,004,096 | -H-- | C] () -- C:\Users\Media\AppData\Local\keyfile3.drm
[2009.08.10 10:28:17 | 000,026,624 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ========== [2009.05.06 16:07:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\myphotobook
[2009.02.28 15:47:18 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TOSHIBA
[2009.03.14 17:24:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Ulead Systems
[2011.03.28 22:09:51 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Canon
[2012.10.03 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Eqegob
[2009.09.01 19:04:26 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\FreeLanguageTranslator
[2009.10.12 12:39:02 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\myphotobook
[2011.03.20 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Nokia
[2011.03.20 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Nokia Ovi Suite
[2012.10.07 09:22:16 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\OnlineArmor
[2011.03.20 19:55:03 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PC Suite
[2009.08.10 21:03:16 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Toshiba
========== Purity Check ========== < End of report >
OTL Extras logfile created on: 07.10.2012 18:58:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Media\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 55,47% Memory free
5,94 Gb Paging File | 4,57 Gb Available in Paging File | 76,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 75,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive E: | 145,97 Gb Total Space | 141,58 Gb Free Space | 97,00% Space Free | Partition Type: NTFS
Computer Name: MEDIA-PC | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A926382-5134-4114-874D-A93C54CD5C81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2DABD9AB-AC1B-4BDD-8F80-5EBB04BCD0E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{38280E72-BE36-49FD-91D5-C4EED2CABE92}" = rport=138 | protocol=17 | dir=out | app=system |
"{465626C3-9A08-48B3-B2F1-E9ECAEA5C90A}" = lport=137 | protocol=17 | dir=in | app=system |
"{92C6F00D-22A3-47DD-8651-329833A1F0DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6E4D229-8754-4C66-8ED9-71AE814E70DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B01F8C66-B3BA-4A1A-A6FC-9ABC681005A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC607708-C56B-42A0-A9A5-9B6691EEF632}" = rport=137 | protocol=17 | dir=out | app=system |
"{D920001F-DB95-4F13-AD52-0377FA8BE78C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E17DAF16-26B5-408E-B2A8-3538271D1181}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5DEAD84A-E41D-4D30-AE9A-7BAEA981D6F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6A729E9-F04F-4461-9CA1-5664CE2C9C8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC93768B-9F61-441A-B422-16B6438DAE8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FBEE115B-63E9-4517-BD3D-CDEFA25FDF49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{65530A34-0F0C-406F-B4A0-2DF43C0FC338}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{7D958800-1781-4211-A945-1E53DF9B062A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{9C67E032-51C5-47BC-86D1-FCDBBFF8A691}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{C9AC3B6A-DF49-4F99-9FD4-4F4B02628E1B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{CF2B7EC1-D0EE-431A-91BF-7F69DFBCCAF6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{E35D34CD-C964-4A8E-AB66-08570301D31D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{246E00EC-11A5-4691-A78E-E858BAF826ED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4B09AA55-1917-4FCB-BBC1-9745574BD5E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{598A5BB3-CB56-438B-B91C-533F532AA1EA}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{5E3E96A9-444C-4888-AB33-FAB0075EFD5A}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{7DF50E1A-0BC1-421E-9A20-30211DD1147B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7FFA1642-AD10-47EA-A3D9-0307156FFFAE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{502F4580-8E1C-4A13-9F3E-C6F3F35563AF}" = FreeLanguageTranslator
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.5
"Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003/Vista
"Nokia Ovi Suite" = Nokia Ovi Suite
"OnlineArmor_is1" = Online Armor 6.0
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1691493883-1623390215-534660852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"GeoGebra WebStart" = GeoGebra WebStart
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 03.10.2012 12:46:12 | Computer Name = Media-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.10.2012 12:47:00 | Computer Name = Media-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2012 14:21:43 | Computer Name = Media-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel
0x4de07b1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x0075006f, Prozess-ID 0x15fc, Anwendungsstartzeit
01cda187e20891de.
Error - 03.10.2012 14:45:42 | Computer Name = Media-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.10.2012 02:11:31 | Computer Name = Media-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.10.2012 02:12:08 | Computer Name = Media-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2012 12:53:30 | Computer Name = Media-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.10.2012 12:54:00 | Computer Name = Media-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 05.10.2012 01:18:16 | Computer Name = Media-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.10.2012 01:18:52 | Computer Name = Media-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 28.04.2009 02:15:36 | Computer Name = Media-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse
0022FA13EFE6 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 29.04.2009 02:11:48 | Computer Name = Media-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.04.2009 um 17:24:33 unerwartet heruntergefahren.
Error - 29.04.2009 02:11:49 | Computer Name = Media-PC | Source = HTTP | ID = 15016
Description =
Error - 29.04.2009 02:11:52 | Computer Name = Media-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse
0022FA13EFE6 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 30.04.2009 02:35:36 | Computer Name = Media-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.04.2009 um 20:49:19 unerwartet heruntergefahren.
Error - 30.04.2009 02:35:37 | Computer Name = Media-PC | Source = HTTP | ID = 15016
Description =
Error - 30.04.2009 02:35:40 | Computer Name = Media-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse
0022FA13EFE6 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 02.05.2009 01:58:15 | Computer Name = Media-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.04.2009 um 18:26:33 unerwartet heruntergefahren.
Error - 02.05.2009 01:58:17 | Computer Name = Media-PC | Source = HTTP | ID = 15016
Description =
Error - 02.05.2009 01:58:19 | Computer Name = Media-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse
0022FA13EFE6 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
< End of report >