| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus aus RusslandWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.09.2011, 17:54
| #31 |
| /// Malwareteam   |  Virus aus Russland Noch Probleme? |
|
15.09.2011, 18:41
| #32 |
 | Virus aus Russland Also ich kann nichts feststellen, aber das heist warsch. nicht viel^^
__________________was heist eig. bei der logfile unable to clean? zwischendrin mal danke für die zeit die du dir nimmst für mich  |
|
16.09.2011, 12:47
| #33 |
| /// Malwareteam | Virus aus Russland Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________
|
|
17.09.2011, 20:26
| #34 |
| | Virus aus Russland OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.09.2011 21:13:17 - Run 4 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Michael\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,41% Memory free 12,12 Gb Paging File | 10,14 Gb Available in Paging File | 83,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 12,41 Gb Free Space | 6,66% Space Free | Partition Type: NTFS Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS Computer Name: LT | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.) PRC - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (camsvc) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes) ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\Drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\Drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (arcvad_ds2dhw) -- C:\Windows\SysNative\drivers\ArcVad.sys (ArcSoft, Inc.) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (mod7700) -- C:\Windows\SysNative\Drivers\dvb7700all.sys (DiBcom) DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\DRIVERS\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\DRIVERS\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.12 08:26:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.12 23:25:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.12 23:25:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 20:18:33 | 000,000,000 | ---D | M] [2009.09.15 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions [2011.09.16 08:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions [2009.09.15 13:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.20 15:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.09.15 13:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.14 21:32:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.14 21:32:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.14 21:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.14 21:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.14 21:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.05 12:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.12 23:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.09.05 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp [2011.09.05 12:03:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.09.05 11:06:08 | 004,194,092 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe [2011.09.03 17:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.09.03 17:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.09.03 17:10:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.09.03 17:10:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.09.03 17:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.09.02 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes [2011.09.02 11:40:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.09.02 11:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.02 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.02 11:40:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.02 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.02 11:31:36 | 000,000,000 | ---D | C] -- C:\_OTL [2011.09.02 09:43:50 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2011.09.02 09:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011.09.02 07:25:55 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps [2011.09.01 09:07:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.09.01 09:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.09.01 09:00:58 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.09.01 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.08.28 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lufec [2011.08.28 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Native Instruments [2011.08.28 11:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1D11E9B5-801D-4DE3-8A18-77AC160788F6} [2011.08.28 11:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2011.08.28 11:27:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} [2011.08.28 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2011.08.28 11:27:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} [2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2011.08.23 14:07:42 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.17 21:13:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.17 21:13:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.17 17:28:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job [2011.09.17 17:19:50 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.17 17:19:50 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.17 17:19:50 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.17 17:19:50 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.17 17:19:50 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.17 17:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.17 17:13:33 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys [2011.09.17 09:57:21 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2011.09.15 15:08:36 | 000,208,571 | ---- | M] () -- C:\Users\Michael\Documents\ts3_clientui-win32-12815-2011-09-15 15_08_35.159355.dmp [2011.09.05 12:14:42 | 000,139,264 | ---- | M] () -- C:\Users\Michael\Desktop\SystemLook.exe [2011.09.05 12:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.09.05 11:06:20 | 004,194,092 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe [2011.09.02 17:39:26 | 000,302,592 | ---- | M] () -- C:\Users\Michael\Desktop\rkojfyxl.exe [2011.09.02 11:40:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 09:57:28 | 000,672,398 | ---- | M] () -- C:\Users\Michael\Neue Bitmap.bmp [2011.09.02 09:44:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2011.09.02 09:36:33 | 000,000,020 | ---- | M] () -- C:\Users\Michael\defogger_reenable [2011.09.02 09:36:16 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe [2011.09.02 09:31:42 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.09.01 09:07:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.09.01 09:07:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011.09.01 09:01:00 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.08.28 11:29:06 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk [2011.08.28 11:27:41 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2011.08.28 11:27:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk [2011.08.23 14:07:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.08.20 19:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job [1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.15 15:08:35 | 000,208,571 | ---- | C] () -- C:\Users\Michael\Documents\ts3_clientui-win32-12815-2011-09-15 15_08_35.159355.dmp [2011.09.05 12:14:42 | 000,139,264 | ---- | C] () -- C:\Users\Michael\Desktop\SystemLook.exe [2011.09.03 17:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.09.03 17:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.09.03 17:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.09.03 17:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.09.03 17:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.09.02 17:39:24 | 000,302,592 | ---- | C] () -- C:\Users\Michael\Desktop\rkojfyxl.exe [2011.09.02 11:40:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 09:54:33 | 000,672,398 | ---- | C] () -- C:\Users\Michael\Neue Bitmap.bmp [2011.09.02 09:36:33 | 000,000,020 | ---- | C] () -- C:\Users\Michael\defogger_reenable [2011.09.02 09:36:11 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe [2011.09.02 09:30:36 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.09.01 10:00:11 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2011.09.01 09:01:00 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.08.28 11:29:06 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk [2011.08.28 11:27:41 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2011.08.28 11:27:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk [2010.09.20 20:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat [2010.06.10 10:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.04.29 00:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.04.12 18:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.07 15:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.09.22 21:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png [2009.09.17 08:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2009.09.15 14:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.15 14:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.09.15 14:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.15 13:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.15 13:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.05 11:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2009.09.05 11:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.06.05 09:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.09.02 02:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin < End of report > Xtras im nächsten |
|
17.09.2011, 20:29
| #35 |
| | Virus aus RusslandCode:
ATTFilter OTL Extras logfile created on: 17.09.2011 21:13:17 - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
5,96 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,41% Memory free
12,12 Gb Paging File | 10,14 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 12,41 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
Computer Name: LT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = EF 26 75 6F 67 37 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30AB2E34-91D0-41DF-8D1E-8CF5E87EE8DB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33A76FF0-14E4-4322-BA14-370E441D3D96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AAAE572-7FE0-420E-8B3E-58659E775226}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3C49EAD0-4C6E-407F-B069-6A58E26F7A4E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4458F6DF-0FF1-44E4-8713-0F38EAE0ACEB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6057A745-F9CA-49D2-8625-2CD580F6A29E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{62668B26-4373-40B5-A79E-A48EC5ED539C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62AD9F53-FDF4-40A4-9159-F3CD1AD036D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{651B1658-6C53-4CBE-A376-DF1133BE7717}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6566AC7D-6143-441B-913A-2E7EA646292D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7FCD7646-8E09-4FC1-8FFF-D895194C394E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82BB9AC6-CE18-4571-BF9C-5A4251334139}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{864D05E7-F827-4621-99C8-FA09676157E4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{93100A1F-7064-4F01-B368-42B423EB2BF8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97723914-3108-4E8A-8CA7-50DAC84A322D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98576A26-CE6D-4E38-B43B-25568EAECCCF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A05CC2C1-B5E1-409D-8721-36E7793F4BD8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A69DBB22-8F7D-4210-8AEC-957429844F27}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A76ABA2C-BD05-485F-8583-33CF30984C07}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AB9287E3-18D9-4BB3-B609-915FBE9637CB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{ABF403C1-7EA5-4736-A9A7-24A844854F04}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE995937-20BA-4FA6-8232-700927921ABC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDE3E1C1-2BAB-4FDB-9B5B-55F9B4789399}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D33EEB3C-7477-4608-9003-152D951835D7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2583D51-45ED-48F9-BC37-3D7AD68929CC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E430FFA2-B511-4CAE-875A-5D16D51287D5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA91585D-28B9-4257-B320-200594C2DED1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF1D5A6F-F2E8-4BDE-B702-AD3AD92AA8ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF2FEE36-7756-4D7B-B8D2-C59AAF02622A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0451EA40-7B4F-4DB5-A530-24DB6EF0B8CE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{04B96519-78DC-438E-B08D-4AE8297C4651}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08930114-AF35-4F4C-8C28-75E8140AA840}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AF90451-54AF-45C2-AB2C-C96F5D5935C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0C86433F-84AF-423B-8146-F04110321BE5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0EFAF15D-AFCB-4599-8AF2-80BFE1F8793A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{11B49E0E-D522-4041-9792-01C0ED187693}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{157404BE-4ED6-4DB3-9FCA-2544CE7D4A8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17E5D8A6-1760-4779-9C9F-70C65CD30310}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AA4408F-B31E-4203-80BE-60A15FFB7052}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21CBF99B-3071-4B94-98D6-017FF63FE93C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{2215B97D-E1F6-4791-A112-9F33E9C1E3BF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DEF13EA-959D-486A-80EE-5085B25044CA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DF73C05-8CC1-4BCD-8B93-DA8C69144C03}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2FBFBEE0-3383-49D7-A73C-F3B1E7D66D26}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{36B23B28-46B4-4228-8ABD-F2F9336BC5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{4017ED81-B8C5-4678-9228-52D9EDED6B54}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{42FA24EC-F4CC-45E5-AA81-8B1136525696}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{435BEB7F-8A45-4B73-8F53-A671338BD966}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{455046CF-7C11-4AAE-8547-45C4F6108E00}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{48FCB578-CB89-40C3-92F0-8FE40CD1AC57}" = protocol=6 | dir=out | app=system |
"{4B311864-13C5-477B-804A-8D5D5DA1F07E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C349FD0-6DEB-419D-9B9C-858C2456D775}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50661327-74C8-4E3A-AFF4-C56CC3E6AA1D}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{508E5D4B-E813-4C3B-B1FF-E451BB7497F1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5355C14A-5EA6-4D8A-85DB-6E050F8185EB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{559CB2A7-39D7-492B-9E5F-0E11345559CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0C649D-9D55-4229-8255-7914AB75E540}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F5C2138-4759-48A0-A877-2917C4A47097}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{61DC6730-E595-422F-AE86-F4AB587BEF05}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6A99FB8E-63B0-47C9-B483-E642934EADCD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6C665F3E-C5DA-430B-BFE5-1F314FBA177B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6FBD32BC-9555-44AB-81F9-7449F3EB2DCA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{74F9C140-F18F-43FF-9F03-7F0F017D382F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D631655-93BF-4A83-82DE-279B606BDA94}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7FC2ECF8-2EC4-4EE6-89B4-71903B16FBDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{874F73F7-C41C-4C4C-ACDB-1CFDF5A25701}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{9338697A-5D42-4957-B6F0-E274FF679DCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9AF8BB94-381A-4703-A831-FCC4573F7010}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C79126E-FFBA-4F25-BA87-93A799B78AF2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9DC762DA-7550-4867-AB99-5220CF0BA2BA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E96BAD9-A0C5-4C66-A28F-4D527C61553C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A74F8D9C-0F97-446F-87CF-12ECD281E8E5}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{AF06F909-7C7C-47DC-9EB4-35C6799D84BB}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{B4E17444-3CE5-49C3-A506-7E74EFD7B386}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4F9AF19-9BDF-4637-8072-D3BAC7D47C40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C40696AD-B2A1-4C27-A1A9-EEE290D83BF9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8E76A81-623C-4F48-905C-A1CEE83D5E62}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{CA317A38-1E89-4C74-A30B-7B20D13DF85C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CB42EAA0-ECD0-4B8A-B621-AB72939323D8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CDDE8B17-B5AD-4797-9FA9-B45CA4AF3A01}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2D1C873-5E12-41B6-9A23-9025766791E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D5D55C6B-FBD3-415A-B475-6DBEE0300CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{D6182BCD-96C2-48FF-9E4D-EF33648F744E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{DB021ABE-5DB7-49FE-B3AF-0220E60697F4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DD29AAE3-98F6-4B65-A720-D8BF1F40186D}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{DFB83343-386C-4C9B-AAC8-D7882F1FD4DF}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{E1D1942C-B868-43DA-AAEE-98F8A45C8EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{E23D9257-73FB-4A05-A926-8E8BBEFD23C4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E41E3A72-5F2C-48FF-86EE-E1312CC1F644}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E5C1D788-B5F7-4499-B030-F9E586963A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{E61CC3FF-7584-4B12-ABC3-711B2F9145F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E67B5E6C-1A41-437D-AA5F-7C2B318C8886}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F4AE1C9E-F5AE-48D7-8AC3-A3EBCA2F87B1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F65FFE92-7198-44A6-9282-1ADDAA6B8C76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB3B3BA4-7035-442F-A325-44D7288947F3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FD420FB2-EF9A-41EA-A1DE-6F7B0BBC8271}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FFD0A82D-C0E0-4FB8-8F39-54FC89318367}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{0ACE4EEB-3F06-4224-B17B-BDB216570CD7}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe |
"TCP Query User{378A8F27-29DB-4F4E-92E3-F833093A436A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{588AFC31-D340-435E-9B45-9A748B5D9D49}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{73A89CAC-B94D-446C-8E68-D14F124BB814}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{73BA56A8-C969-452F-88E5-E54D11441384}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{7C9A2285-D3D4-47B3-B9E1-940C5128C7BA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B5679D85-D148-4D4E-9586-6E342D5A82AD}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{CDB094BB-3956-44D8-BAED-52E5CC9A2816}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{D05B6420-8F76-4988-AD56-5B807211B071}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"TCP Query User{D1105088-B2AA-412E-BDDE-C04B9105B6C7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{EA936FB9-CB44-46A9-B5F4-933AE58DBBDC}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe |
"TCP Query User{FA0C1EE8-6E22-4E1A-B714-4625AD24F16C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{075931E8-8856-4DCE-86A5-CBCE0BBF51F3}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{10BC8D8B-7572-4426-958D-953FD4B593E1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{2DA0CCD8-8EDB-4688-B8A2-5DBD4A558FFF}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"UDP Query User{5C341CB3-B6D6-4F14-BBD8-D79B7001B046}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{6AE41B36-0A9A-4837-9CCB-3D76780402ED}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{84EF3A31-E653-400F-8D05-291A3F11FE17}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe |
"UDP Query User{9EF21E5A-C644-4658-A18C-44A2A542C9A6}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{A4F22C69-7F97-4CB3-9E46-D9F9921C1AD8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A6074FD2-4F7C-4D7F-AF83-1BE8943FC6B4}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe |
"UDP Query User{A879F445-1E00-4072-A7BC-D9C79DFE38D8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A9325182-3299-4467-BF60-A98749735DC6}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{B38CF8A4-011E-4CDC-85ED-182D40153CDC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{82B2394D-F5CC-42F0-8DC1-48B3CAA382CC}" = Dassault Systemes Software Prerequisites x86-x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{EB31619C-00FF-4840-82A1-83332C27072E}" = TOSHIBA TV Tuner
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"0E3DD979C5E85A66B9E84D16EFD334748B3B5DA4" = Windows-Treiberpaket - TOSHIBA (mod7700) Media (08/12/2008 2.3.3.24)
"703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91" = ENE CIR Receiver Driver
"CanonMyPrinter" = Canon My Printer
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"M-WIN-G 7.0.1 1213989_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8866BCB3-3818-4C66-83BC-92006B5EFE50}" = ArcSoft Magic-i Visual Effects 2
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DB7AE42C-695D-4D36-A8FA-31A1C6454436}" = Nokia PC-Internetzugang
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon MX310 series Benutzerregistrierung" = Canon MX310 series Benutzerregistrierung
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 5.1.2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Internet Access" = Nokia PC-Internetzugang
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"Picasa2" = Picasa 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.05.2011 05:20:06 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 14e8 Anfangszeit: 01cc107ceb624f59 Zeitpunkt
der Beendigung: 47
Error - 12.05.2011 13:38:37 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: fd0 Anfangszeit: 01cc10cb1b375b80 Zeitpunkt
der Beendigung: 14
Error - 12.05.2011 13:39:59 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 19f0 Anfangszeit: 01cc10cb5abaf870 Zeitpunkt
der Beendigung: 27
Error - 12.05.2011 13:42:34 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: a84 Anfangszeit: 01cc10c4d2c23880 Zeitpunkt
der Beendigung: 0
Error - 13.05.2011 05:32:53 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2011 06:47:45 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
Error - 15.05.2011 13:40:58 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
Error - 15.05.2011 15:38:55 | Computer Name = LT | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Michael\Downloads\SoftonicDownloader_for_web-page-maker.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error - 15.05.2011 16:32:26 | Computer Name = LT | Source = RasClient | ID = 20227
Description =
Error - 15.05.2011 16:56:45 | Computer Name = LT | Source = RasClient | ID = 20227
Description =
[ Media Center Events ]
Error - 22.02.2011 15:14:47 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (6124.1128)
Error - 22.02.2011 15:14:47 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Serververbindung konnte nicht hergestellt werden.. (6124.1129)
Error - 10.03.2011 07:10:05 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4744.1128)
Error - 10.03.2011 07:10:05 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Serververbindung konnte nicht hergestellt werden.. (4744.1129)
Error - 04.04.2011 07:57:17 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5616.1128)
Error - 04.04.2011 07:57:17 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Serververbindung konnte nicht hergestellt werden.. (5616.1129)
Error - 04.04.2011 09:21:26 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5776.1128)
Error - 04.04.2011 09:21:26 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Serververbindung konnte nicht hergestellt werden.. (5776.1129)
Error - 04.04.2011 10:52:46 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (2204.1128)
Error - 04.04.2011 10:52:46 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Serververbindung konnte nicht hergestellt werden.. (2204.1129)
[ OSession Events ]
Error - 20.09.2010 08:14:41 | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16422
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.07.2011 04:40:19 | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 03:25:37 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 11:13:44 | Computer Name = LT | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
Error - 17.09.2011 11:15:19 | Computer Name = LT | Source = Service Control Manager | ID = 7026
Description =
Error - 17.09.2011 11:18:31 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 11:18:31 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 11:18:32 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 17.09.2011 11:18:32 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
< End of report >
|
|
15.10.2011, 12:28
| #36 |
| | Virus aus Russland ich wollte mal fragen ob jetzt noch etwas ist, da jetzt mal ne zeit lang nichts gekommen ist. |
|
18.10.2011, 20:24
| #37 |
| /// Malwareteam | Virus aus Russland Sorry, Dein Thread ist unter gegangen  Hattest Du wieder Probleme? |
|
06.11.2011, 22:10
| #38 |
| | Virus aus Russland Ok also nach langem Warten muss ich feststellen, dass immer noch etwas nicht stimmt. Bekomme jetzt öfter von Windows Aufforderungen zum zulassen einer gestarteten Anwendung bzw. Installation. Also muss leider noch etwas da sein, im übrigen sind im systemstart schon wieder 2 komische Prozesse |
|
07.11.2011, 13:34
| #39 |
| /// Malwareteam | Virus aus RusslandCombofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. |
|
07.11.2011, 17:44
| #40 |
| | Virus aus Russland Angehängt als zip. |
|
08.11.2011, 11:11
| #41 |
| | Virus aus Russland Hab heute eine Mail von gmx bekommen: Ihr Account: "geändert" Unsere Referenz: [Ticket AB34039078] Hinweis: Ihr Name in der Anrede zeigt Ihnen, dass diese Nachricht tatsächlich von GMX verschickt wurde. Sehr geehrte/r Herr Michael Heider, Sie erhalten heute eine dringende Nachricht zu Ihrem GMX Account michael-heider@gmx.at und der Sicherheit Ihrer persönlichen Daten. Unser Team von Sicherheitsexperten hat zwei wichtige Informationen für Sie: - Ein Virus hat das Passwort zu Ihrem GMX Account ausgespäht. - Dieser Virus heißt "Zeus" und befindet sich wahrscheinlich auf Ihrem Computer. In dieser E-Mail finden Sie alle notwendigen Informationen, um die Sicherheit Ihres Postfaches und Ihres Computers wiederherzustellen. *************************************************************************** WICHTIG: Von dem Virus "Zeus" geht eine erhebliche Gefahr aus. Er spioniert Passwörter und Bank-Daten aus und leitet sie an seine Urheber weiter. Nach und nach plündern die Angreifer anschließend mithilfe der Bank-Daten die Konten ihrer Opfer aus. Sie möchten mehr über diesen Virus erfahren? Einen Bericht zu diesem Virus finden Sie im 1&1 Blog unter: hxxp://blog.1und1.de/2010/02/11/11-schuetzt-internetnutzer-vor-trojaner-zeus/ *************************************************************************** Und so gewinnen Sie den Kampf gegen Zeus: *************************************************************************** 1. Ändern Sie das Passwort zu Ihrem GMX Account: *************************************************************************** Loggen Sie sich von einem sicheren Computer in Ihren GMX Account ein und ändern Sie Ihr Passwort. Weitere Hinweise finden Sie hier: GMX - FAQ - Wie ndere ich mein Passwort? *************************************************************************** 2. Erkennen Sie, welcher Computer mit dem Virus Zeus infiziert ist: *************************************************************************** Haben Sie in den letzten Tagen über unterschiedliche Computer auf Ihr Postfach zugegriffen? Dann hilft Ihnen die folgende Angabe dabei den betroffenen Computer zu finden: Sie haben den Computer zum folgenden Zeitpunkt benutzt: 05.11.2011 11:59:04 Uhr *************************************************************************** 3. Löschen Sie den Virus: *************************************************************************** Der Virus Zeus nimmt tiefgreifende Veränderungen im Betriebssystem des Computers vor. Da eine Anti-Viren-Software auf dem Betriebssystem läuft, ist es sehr schwierig diesen Virus mit einer Software zu entfernen. Wir empfehlen Ihnen daher, den betroffenen Computer neu zu installieren. TIPP: Allgemeine Unterstützung bei Virus-Infektionen erhalten vom Anti-Botnet-Beratungszentrum der deutschen Initiative botfrei.de. Sie erreichen die Experten des Anti-Botnet-Beratungszentrums unter der folgenden Rufnummer: 0209 - 605 060 Wichtig: Geben Sie bei Ihrem Anruf bitte die folgende Voucher-Nummer an: 01-34039078 *************************************************************************** 4. Ändern Sie anschließend alle Ihre Passwörter: *************************************************************************** Nachdem Sie den Virus erfolgreich entfernt haben, ändern Sie zur Sicherheit das Passwort zu Ihrem GMX Account erneut. Ändern Sie auch alle Ihre anderen Passwörter. Denken Sie an Ihre Passwörter zu: - Ihrem Online-Banking-Zugang - Ihren Konten bei eBay und Paypal - Ihren anderen E-Mail-Konten *************************************************************************** 5. Sichern Sie Ihren Computer für die Zukunft: *************************************************************************** Um Ihren Computer zukünftig optimal zu schützen, empfehlen wir Ihnen die Installation einer professionellen Anti-Viren-Software, wie dem GMX SicherheitsPaket. Weitere Informationen finden Sie unter: GMX - SicherheitsPaket *************************************************************************** Haben Sie noch Fragen an uns? Dann antworten Sie einfach auf diese E-Mail und belassen bitte unsere Referenz [Ticket AB34039078] in Ihrer Nachricht. Wir freuen uns, mit Ihnen gemeinsam für die Sicherheit Ihres Accounts zu sorgen - vielen Dank für Ihre Mitarbeit! Mit freundlichen Grüßen Ihr Abuse-Team -- Abuse-Abteilung GMX Ist das was ernstes? oder stimmt es gar nicht? |
|
08.11.2011, 22:28
| #42 |
| /// Malwareteam | Virus aus Russland Schritt 1 Dowloade Dir bitte TDSSKiller.exe und speichere die Datei am Desktop.
Schritt 2 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. |
|
09.11.2011, 18:02
| #43 |
| | Virus aus Russland TDSSKiller hat nichts gefunden aber hier die log: 17:33:46.0905 3596 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51 17:33:46.0928 3596 ============================================================ 17:33:46.0928 3596 Current date / time: 2011/11/09 17:33:46.0928 17:33:46.0928 3596 SystemInfo: 17:33:46.0928 3596 17:33:46.0928 3596 OS Version: 6.0.6002 ServicePack: 2.0 17:33:46.0928 3596 Product type: Workstation 17:33:46.0929 3596 ComputerName: LT 17:33:46.0929 3596 UserName: Michael 17:33:46.0929 3596 Windows directory: C:\Windows 17:33:46.0929 3596 System windows directory: C:\Windows 17:33:46.0929 3596 Running under WOW64 17:33:46.0929 3596 Processor architecture: Intel x64 17:33:46.0929 3596 Number of processors: 2 17:33:46.0929 3596 Page size: 0x1000 17:33:46.0929 3596 Boot type: Normal boot 17:33:46.0929 3596 ============================================================ 17:33:47.0274 3596 Initialize success 17:34:05.0818 5716 ============================================================ 17:34:05.0818 5716 Scan started 17:34:05.0818 5716 Mode: Manual; 17:34:05.0818 5716 ============================================================ 17:34:06.0507 5716 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 17:34:06.0510 5716 ACPI - ok 17:34:06.0659 5716 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 17:34:06.0669 5716 adp94xx - ok 17:34:06.0805 5716 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 17:34:06.0813 5716 adpahci - ok 17:34:06.0940 5716 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 17:34:06.0944 5716 adpu160m - ok 17:34:07.0068 5716 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 17:34:07.0074 5716 adpu320 - ok 17:34:07.0251 5716 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys 17:34:07.0262 5716 AFD - ok 17:34:07.0452 5716 AgereSoftModem (e59bc94c0fc336f2f6a07a7e16441c48) C:\Windows\system32\DRIVERS\agrsm64.sys 17:34:07.0477 5716 AgereSoftModem - ok 17:34:07.0609 5716 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 17:34:07.0611 5716 agp440 - ok 17:34:07.0734 5716 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 17:34:07.0738 5716 aic78xx - ok 17:34:07.0872 5716 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 17:34:07.0874 5716 aliide - ok 17:34:08.0008 5716 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 17:34:08.0010 5716 amdide - ok 17:34:08.0157 5716 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 17:34:08.0159 5716 AmdK8 - ok 17:34:08.0353 5716 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 17:34:08.0357 5716 arc - ok 17:34:08.0492 5716 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 17:34:08.0495 5716 arcsas - ok 17:34:08.0531 5716 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 17:34:08.0532 5716 ArcSoftKsUFilter - ok 17:34:08.0631 5716 arcvad_ds2dhw (a1ce3ed832ef7c903ada43a64356b76d) C:\Windows\system32\drivers\ArcVad.sys 17:34:08.0634 5716 arcvad_ds2dhw - ok 17:34:08.0763 5716 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 17:34:08.0765 5716 AsyncMac - ok 17:34:08.0885 5716 atapi (b388797caab36d523840347cc6a39b96) C:\Windows\system32\drivers\atapi.sys 17:34:08.0886 5716 atapi - ok 17:34:09.0171 5716 atikmdag (c28928becd9d35248c2a6cb18032cacc) C:\Windows\system32\DRIVERS\atikmdag.sys 17:34:09.0201 5716 atikmdag - ok 17:34:09.0303 5716 Beep - ok 17:34:09.0415 5716 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 17:34:09.0416 5716 blbdrive - ok 17:34:09.0520 5716 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys 17:34:09.0521 5716 bowser - ok 17:34:09.0629 5716 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 17:34:09.0630 5716 BrFiltLo - ok 17:34:09.0736 5716 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 17:34:09.0737 5716 BrFiltUp - ok 17:34:09.0882 5716 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 17:34:09.0884 5716 Brserid - ok 17:34:10.0000 5716 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 17:34:10.0003 5716 BrSerWdm - ok 17:34:10.0104 5716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 17:34:10.0106 5716 BrUsbMdm - ok 17:34:10.0201 5716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 17:34:10.0203 5716 BrUsbSer - ok 17:34:10.0355 5716 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 17:34:10.0357 5716 BTHMODEM - ok 17:34:10.0398 5716 catchme - ok 17:34:10.0501 5716 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 17:34:10.0504 5716 cdfs - ok 17:34:10.0610 5716 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 17:34:10.0612 5716 cdrom - ok 17:34:10.0734 5716 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys 17:34:10.0737 5716 circlass - ok 17:34:10.0859 5716 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 17:34:10.0867 5716 CLFS - ok 17:34:11.0027 5716 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys 17:34:11.0028 5716 CmBatt - ok 17:34:11.0130 5716 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 17:34:11.0134 5716 cmdide - ok 17:34:11.0275 5716 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys 17:34:11.0276 5716 Compbatt - ok 17:34:11.0356 5716 cpuz130 - ok 17:34:11.0445 5716 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 17:34:11.0446 5716 crcdisk - ok 17:34:11.0577 5716 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys 17:34:11.0578 5716 DfsC - ok 17:34:11.0714 5716 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 17:34:11.0716 5716 disk - ok 17:34:11.0834 5716 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 17:34:11.0835 5716 drmkaud - ok 17:34:11.0975 5716 dtsoftbus01 (1cecd1252261153c7873b5d9eb259d65) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 17:34:11.0977 5716 dtsoftbus01 - ok 17:34:12.0105 5716 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys 17:34:12.0118 5716 DXGKrnl - ok 17:34:12.0262 5716 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 17:34:12.0266 5716 E1G60 - ok 17:34:12.0368 5716 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 17:34:12.0371 5716 Ecache - ok 17:34:12.0504 5716 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 17:34:12.0514 5716 elxstor - ok 17:34:12.0638 5716 enecir (cd0c80e5e9a9bf8dd145f43713d77993) C:\Windows\system32\DRIVERS\enecir.sys 17:34:12.0640 5716 enecir - ok 17:34:12.0729 5716 enecirhid (b0b0c493609e40bd9e1b8f2aa9ccbedc) C:\Windows\system32\DRIVERS\enecirhid.sys 17:34:12.0730 5716 enecirhid - ok 17:34:12.0798 5716 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\Windows\system32\DRIVERS\enecirhidma.sys 17:34:12.0799 5716 enecirhidma - ok 17:34:12.0942 5716 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys 17:34:12.0944 5716 ENTECH64 - ok 17:34:13.0052 5716 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 17:34:13.0053 5716 ErrDev - ok 17:34:13.0180 5716 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 17:34:13.0185 5716 exfat - ok 17:34:13.0326 5716 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 17:34:13.0331 5716 fastfat - ok 17:34:13.0455 5716 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 17:34:13.0457 5716 fdc - ok 17:34:13.0565 5716 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 17:34:13.0567 5716 FileInfo - ok 17:34:13.0671 5716 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 17:34:13.0672 5716 Filetrace - ok 17:34:13.0781 5716 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 17:34:13.0782 5716 flpydisk - ok 17:34:13.0847 5716 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 17:34:13.0851 5716 FltMgr - ok 17:34:13.0992 5716 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 17:34:13.0993 5716 Fs_Rec - ok 17:34:14.0068 5716 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 17:34:14.0070 5716 gagp30kx - ok 17:34:14.0172 5716 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:34:14.0173 5716 GEARAspiWDM - ok 17:34:14.0351 5716 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 17:34:14.0356 5716 HdAudAddService - ok 17:34:14.0423 5716 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 17:34:14.0429 5716 HDAudBus - ok 17:34:14.0556 5716 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 17:34:14.0558 5716 HidBth - ok 17:34:14.0656 5716 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys 17:34:14.0657 5716 HidIr - ok 17:34:14.0801 5716 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 17:34:14.0802 5716 HidUsb - ok 17:34:14.0900 5716 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 17:34:14.0901 5716 HpCISSs - ok 17:34:15.0019 5716 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 17:34:15.0026 5716 HTTP - ok 17:34:15.0118 5716 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 17:34:15.0119 5716 i2omp - ok 17:34:15.0217 5716 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 17:34:15.0219 5716 i8042prt - ok 17:34:15.0286 5716 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\DRIVERS\iaStor.sys 17:34:15.0289 5716 iaStor - ok 17:34:15.0391 5716 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 17:34:15.0396 5716 iaStorV - ok 17:34:15.0504 5716 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 17:34:15.0505 5716 iirsp - ok 17:34:15.0645 5716 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys 17:34:15.0658 5716 IntcAzAudAddService - ok 17:34:15.0754 5716 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 17:34:15.0756 5716 intelide - ok 17:34:15.0837 5716 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 17:34:15.0837 5716 intelppm - ok 17:34:15.0916 5716 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:34:15.0919 5716 IpFilterDriver - ok 17:34:16.0005 5716 IpInIp - ok 17:34:16.0054 5716 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 17:34:16.0057 5716 IPMIDRV - ok 17:34:16.0148 5716 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 17:34:16.0151 5716 IPNAT - ok 17:34:16.0191 5716 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 17:34:16.0193 5716 IRENUM - ok 17:34:16.0297 5716 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 17:34:16.0299 5716 isapnp - ok 17:34:16.0405 5716 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 17:34:16.0408 5716 iScsiPrt - ok 17:34:16.0503 5716 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 17:34:16.0505 5716 iteatapi - ok 17:34:16.0617 5716 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 17:34:16.0619 5716 iteraid - ok 17:34:16.0712 5716 JMCR (c241b97aa60ac47fa8c628b3ad489b34) C:\Windows\system32\DRIVERS\jmcr.sys 17:34:16.0714 5716 JMCR - ok 17:34:16.0734 5716 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 17:34:16.0735 5716 kbdclass - ok 17:34:16.0839 5716 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 17:34:16.0841 5716 kbdhid - ok 17:34:16.0967 5716 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys 17:34:16.0979 5716 KSecDD - ok 17:34:17.0071 5716 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 17:34:17.0073 5716 ksthunk - ok 17:34:17.0212 5716 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys 17:34:17.0214 5716 Lbd - ok 17:34:17.0327 5716 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 17:34:17.0329 5716 lltdio - ok 17:34:17.0451 5716 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys 17:34:17.0453 5716 LPCFilter - ok 17:34:17.0562 5716 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 17:34:17.0566 5716 LSI_FC - ok 17:34:17.0645 5716 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 17:34:17.0649 5716 LSI_SAS - ok 17:34:17.0719 5716 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 17:34:17.0723 5716 LSI_SCSI - ok 17:34:17.0800 5716 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 17:34:17.0802 5716 luafv - ok 17:34:17.0865 5716 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 17:34:17.0866 5716 MBAMProtector - ok 17:34:18.0012 5716 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 17:34:18.0014 5716 megasas - ok 17:34:18.0118 5716 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 17:34:18.0125 5716 MegaSR - ok 17:34:18.0254 5716 mfeavfk (088620da20b98578bfc4b97043f24042) C:\Windows\system32\drivers\mfeavfk.sys 17:34:18.0255 5716 mfeavfk - ok 17:34:18.0366 5716 mfehidk (239e677e3e9047550c18b30c26c3ba3e) C:\Windows\system32\drivers\mfehidk.sys 17:34:18.0371 5716 mfehidk - ok 17:34:18.0472 5716 mferkdk (bb6bdc9029ca71d652eadc40ff78f7cb) C:\Windows\system32\drivers\mferkdk.sys 17:34:18.0474 5716 mferkdk - ok 17:34:18.0575 5716 mfesmfk (1f56e31db436287581cbe9a5c4c70e0e) C:\Windows\system32\drivers\mfesmfk.sys 17:34:18.0577 5716 mfesmfk - ok 17:34:18.0701 5716 mod7700 (942394d485e9a1e1c3201af16e1be9d7) C:\Windows\system32\Drivers\dvb7700all.sys 17:34:18.0711 5716 mod7700 - ok 17:34:18.0832 5716 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 17:34:18.0835 5716 Modem - ok 17:34:18.0928 5716 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 17:34:18.0930 5716 monitor - ok 17:34:19.0010 5716 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 17:34:19.0012 5716 mouclass - ok 17:34:19.0111 5716 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 17:34:19.0113 5716 mouhid - ok 17:34:19.0201 5716 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 17:34:19.0203 5716 MountMgr - ok 17:34:19.0264 5716 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys 17:34:19.0267 5716 MPFP - ok 17:34:19.0373 5716 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 17:34:19.0377 5716 mpio - ok 17:34:19.0470 5716 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 17:34:19.0473 5716 mpsdrv - ok 17:34:19.0578 5716 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 17:34:19.0580 5716 Mraid35x - ok 17:34:19.0681 5716 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 17:34:19.0685 5716 MRxDAV - ok 17:34:19.0814 5716 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:34:19.0818 5716 mrxsmb - ok 17:34:19.0931 5716 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:34:19.0937 5716 mrxsmb10 - ok 17:34:20.0041 5716 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:34:20.0044 5716 mrxsmb20 - ok 17:34:20.0136 5716 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys 17:34:20.0138 5716 msahci - ok 17:34:20.0219 5716 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 17:34:20.0222 5716 msdsm - ok 17:34:20.0341 5716 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 17:34:20.0343 5716 Msfs - ok 17:34:20.0444 5716 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 17:34:20.0445 5716 msisadrv - ok 17:34:20.0553 5716 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 17:34:20.0555 5716 MSKSSRV - ok 17:34:20.0582 5716 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 17:34:20.0584 5716 MSPCLOCK - ok 17:34:20.0677 5716 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 17:34:20.0678 5716 MSPQM - ok 17:34:20.0751 5716 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 17:34:20.0759 5716 MsRPC - ok 17:34:20.0853 5716 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 17:34:20.0854 5716 mssmbios - ok 17:34:20.0957 5716 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 17:34:20.0959 5716 MSTEE - ok 17:34:21.0070 5716 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 17:34:21.0072 5716 Mup - ok 17:34:21.0196 5716 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 17:34:21.0201 5716 NativeWifiP - ok 17:34:21.0345 5716 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 17:34:21.0356 5716 NDIS - ok 17:34:21.0445 5716 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 17:34:21.0447 5716 NdisTapi - ok 17:34:21.0533 5716 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 17:34:21.0534 5716 Ndisuio - ok 17:34:21.0639 5716 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 17:34:21.0643 5716 NdisWan - ok 17:34:21.0736 5716 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 17:34:21.0738 5716 NDProxy - ok 17:34:21.0857 5716 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 17:34:21.0859 5716 NetBIOS - ok 17:34:21.0962 5716 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 17:34:21.0968 5716 netbt - ok 17:34:22.0222 5716 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys 17:34:22.0367 5716 NETw5v64 - ok 17:34:22.0457 5716 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 17:34:22.0459 5716 nfrd960 - ok 17:34:22.0578 5716 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys 17:34:22.0580 5716 nmwcd - ok 17:34:22.0711 5716 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys 17:34:22.0713 5716 nmwcdc - ok 17:34:22.0805 5716 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 17:34:22.0807 5716 Npfs - ok 17:34:22.0876 5716 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 17:34:22.0878 5716 nsiproxy - ok 17:34:23.0019 5716 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 17:34:23.0052 5716 Ntfs - ok 17:34:23.0144 5716 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 17:34:23.0145 5716 Null - ok 17:34:23.0232 5716 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 17:34:23.0234 5716 nvraid - ok 17:34:23.0292 5716 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 17:34:23.0294 5716 nvstor - ok 17:34:23.0385 5716 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 17:34:23.0387 5716 nv_agp - ok 17:34:23.0412 5716 NwlnkFlt - ok 17:34:23.0421 5716 NwlnkFwd - ok 17:34:23.0511 5716 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys 17:34:23.0513 5716 ohci1394 - ok 17:34:23.0629 5716 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 17:34:23.0632 5716 Parport - ok 17:34:23.0729 5716 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys 17:34:23.0731 5716 partmgr - ok 17:34:23.0870 5716 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 17:34:23.0872 5716 pccsmcfd - ok 17:34:23.0932 5716 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 17:34:23.0935 5716 pci - ok 17:34:24.0054 5716 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys 17:34:24.0055 5716 pciide - ok 17:34:24.0150 5716 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 17:34:24.0153 5716 pcmcia - ok 17:34:24.0291 5716 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 17:34:24.0302 5716 PEAUTH - ok 17:34:24.0414 5716 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys 17:34:24.0416 5716 PGEffect - ok 17:34:24.0570 5716 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 17:34:24.0573 5716 PptpMiniport - ok 17:34:24.0667 5716 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 17:34:24.0669 5716 Processor - ok 17:34:24.0829 5716 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 17:34:24.0831 5716 PSched - ok 17:34:24.0974 5716 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 17:34:25.0001 5716 ql2300 - ok 17:34:25.0103 5716 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 17:34:25.0107 5716 ql40xx - ok 17:34:25.0245 5716 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 17:34:25.0247 5716 QWAVEdrv - ok 17:34:25.0360 5716 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 17:34:25.0362 5716 RasAcd - ok 17:34:25.0492 5716 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:34:25.0495 5716 Rasl2tp - ok 17:34:25.0613 5716 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 17:34:25.0615 5716 RasPppoe - ok 17:34:25.0747 5716 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 17:34:25.0750 5716 RasSstp - ok 17:34:25.0886 5716 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 17:34:25.0893 5716 rdbss - ok 17:34:25.0937 5716 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:34:25.0938 5716 RDPCDD - ok 17:34:26.0052 5716 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 17:34:26.0060 5716 rdpdr - ok 17:34:26.0157 5716 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 17:34:26.0159 5716 RDPENCDD - ok 17:34:26.0212 5716 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys 17:34:26.0218 5716 RDPWD - ok 17:34:26.0353 5716 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 17:34:26.0356 5716 rspndr - ok 17:34:26.0474 5716 RTHDMIAzAudService (ee328f24ffc3ac211f48266864c65fa6) C:\Windows\system32\drivers\RtHDMIVX.sys 17:34:26.0477 5716 RTHDMIAzAudService - ok 17:34:26.0585 5716 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys 17:34:26.0591 5716 RTL8169 - ok 17:34:26.0713 5716 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 17:34:26.0717 5716 sbp2port - ok 17:34:26.0774 5716 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys 17:34:26.0778 5716 sdbus - ok 17:34:26.0890 5716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:34:26.0892 5716 secdrv - ok 17:34:26.0942 5716 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 17:34:26.0944 5716 Serenum - ok 17:34:27.0045 5716 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 17:34:27.0048 5716 Serial - ok 17:34:27.0147 5716 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 17:34:27.0149 5716 sermouse - ok 17:34:27.0271 5716 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 17:34:27.0273 5716 sffdisk - ok 17:34:27.0303 5716 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 17:34:27.0305 5716 sffp_mmc - ok 17:34:27.0411 5716 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 17:34:27.0413 5716 sffp_sd - ok 17:34:27.0513 5716 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 17:34:27.0515 5716 sfloppy - ok 17:34:27.0625 5716 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 17:34:27.0628 5716 SiSRaid2 - ok 17:34:27.0780 5716 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 17:34:27.0784 5716 SiSRaid4 - ok 17:34:27.0903 5716 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 17:34:27.0906 5716 Smb - ok 17:34:28.0014 5716 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 17:34:28.0016 5716 spldr - ok 17:34:28.0164 5716 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys 17:34:28.0183 5716 sptd - ok 17:34:28.0295 5716 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 17:34:28.0306 5716 srv - ok 17:34:28.0405 5716 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 17:34:28.0410 5716 srv2 - ok 17:34:28.0517 5716 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 17:34:28.0522 5716 srvnet - ok 17:34:28.0655 5716 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 17:34:28.0657 5716 swenum - ok 17:34:28.0711 5716 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 17:34:28.0713 5716 Symc8xx - ok 17:34:28.0842 5716 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 17:34:28.0845 5716 Sym_hi - ok 17:34:28.0883 5716 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 17:34:28.0886 5716 Sym_u3 - ok 17:34:28.0978 5716 SynTP (ea7043973d9305235e7b68ac0c6ec889) C:\Windows\system32\DRIVERS\SynTP.sys 17:34:28.0982 5716 SynTP - ok 17:34:29.0138 5716 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys 17:34:29.0159 5716 Tcpip - ok 17:34:29.0297 5716 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys 17:34:29.0308 5716 Tcpip6 - ok 17:34:29.0410 5716 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 17:34:29.0411 5716 tcpipreg - ok 17:34:29.0509 5716 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys 17:34:29.0510 5716 tdcmdpst - ok 17:34:29.0615 5716 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 17:34:29.0617 5716 TDPIPE - ok 17:34:29.0766 5716 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 17:34:29.0768 5716 TDTCP - ok 17:34:29.0808 5716 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 17:34:29.0811 5716 tdx - ok 17:34:29.0911 5716 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 17:34:29.0913 5716 TermDD - ok 17:34:30.0032 5716 Thpdrv (e29a0c5c97615bffab138abe308733b4) C:\Windows\system32\DRIVERS\thpdrv.sys 17:34:30.0034 5716 Thpdrv - ok 17:34:30.0079 5716 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS 17:34:30.0080 5716 Thpevm - ok 17:34:30.0288 5716 tosporte (0e8a784713a08b39e39565c91ece48ba) C:\Windows\system32\DRIVERS\tosporte.sys 17:34:30.0289 5716 tosporte - ok 17:34:30.0410 5716 tosrfbd (f75a48d6d236898caa9e3805b33b0162) C:\Windows\system32\DRIVERS\tosrfbd.sys 17:34:30.0413 5716 tosrfbd - ok 17:34:30.0523 5716 tosrfbnp (77f25d185aa83cf6057606a145c6e732) C:\Windows\system32\Drivers\tosrfbnp.sys 17:34:30.0525 5716 tosrfbnp - ok 17:34:30.0628 5716 Tosrfcom (d554c3411b6c99e970e84e218579a60e) C:\Windows\system32\Drivers\tosrfcom.sys 17:34:30.0635 5716 Tosrfcom - ok 17:34:30.0692 5716 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys 17:34:30.0694 5716 tosrfec - ok 17:34:30.0819 5716 Tosrfhid (20c3200bc4f4d0df9a2207544e36eef3) C:\Windows\system32\DRIVERS\Tosrfhid.sys 17:34:30.0823 5716 Tosrfhid - ok 17:34:30.0924 5716 tosrfnds (bfa9abdd9cc0b7f2c7bac5ba2f6f4243) C:\Windows\system32\DRIVERS\tosrfnds.sys 17:34:30.0926 5716 tosrfnds - ok 17:34:30.0986 5716 TosRfSnd (eaed2835c62591cf0bebd201e8203a69) C:\Windows\system32\drivers\tosrfsnd.sys 17:34:30.0989 5716 TosRfSnd - ok 17:34:31.0089 5716 Tosrfusb (f88e56d49fe83002bb994872b30c5c3c) C:\Windows\system32\DRIVERS\tosrfusb.sys 17:34:31.0091 5716 Tosrfusb - ok 17:34:31.0244 5716 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys 17:34:31.0258 5716 tos_sps64 - ok 17:34:31.0389 5716 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:34:31.0391 5716 tssecsrv - ok 17:34:31.0489 5716 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 17:34:31.0491 5716 tunmp - ok 17:34:31.0541 5716 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 17:34:31.0543 5716 tunnel - ok 17:34:31.0670 5716 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 17:34:31.0672 5716 TVALZ - ok 17:34:31.0717 5716 TVALZFL (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys 17:34:31.0718 5716 TVALZFL - ok 17:34:31.0841 5716 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 17:34:31.0844 5716 uagp35 - ok 17:34:31.0971 5716 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 17:34:31.0979 5716 udfs - ok 17:34:32.0098 5716 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 17:34:32.0101 5716 uliagpkx - ok 17:34:32.0218 5716 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 17:34:32.0226 5716 uliahci - ok 17:34:32.0330 5716 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 17:34:32.0335 5716 UlSata - ok 17:34:32.0433 5716 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 17:34:32.0438 5716 ulsata2 - ok 17:34:32.0543 5716 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 17:34:32.0545 5716 umbus - ok 17:34:32.0664 5716 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 17:34:32.0666 5716 upperdev - ok 17:34:32.0814 5716 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys 17:34:32.0817 5716 USBAAPL64 - ok 17:34:32.0964 5716 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 17:34:32.0967 5716 usbccgp - ok 17:34:33.0066 5716 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 17:34:33.0069 5716 usbcir - ok 17:34:33.0203 5716 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 17:34:33.0206 5716 usbehci - ok 17:34:33.0312 5716 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 17:34:33.0319 5716 usbhub - ok 17:34:33.0425 5716 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 17:34:33.0428 5716 usbohci - ok 17:34:33.0535 5716 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 17:34:33.0537 5716 usbprint - ok 17:34:33.0650 5716 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 17:34:33.0653 5716 usbscan - ok 17:34:33.0797 5716 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\drivers\usbser.sys 17:34:33.0800 5716 usbser - ok 17:34:33.0944 5716 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 17:34:33.0947 5716 UsbserFilt - ok 17:34:34.0049 5716 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:34:34.0052 5716 USBSTOR - ok 17:34:34.0133 5716 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 17:34:34.0135 5716 usbuhci - ok 17:34:34.0275 5716 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys 17:34:34.0280 5716 usbvideo - ok 17:34:34.0382 5716 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys 17:34:34.0384 5716 usb_rndisx - ok 17:34:34.0499 5716 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 17:34:34.0502 5716 vga - ok 17:34:34.0535 5716 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 17:34:34.0537 5716 VgaSave - ok 17:34:34.0636 5716 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 17:34:34.0638 5716 viaide - ok 17:34:34.0747 5716 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 17:34:34.0749 5716 volmgr - ok 17:34:34.0872 5716 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 17:34:34.0882 5716 volmgrx - ok 17:34:34.0984 5716 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 17:34:34.0991 5716 volsnap - ok 17:34:35.0097 5716 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 17:34:35.0102 5716 vsmraid - ok 17:34:35.0251 5716 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 17:34:35.0253 5716 WacomPen - ok 17:34:35.0375 5716 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 17:34:35.0379 5716 Wanarp - ok 17:34:35.0387 5716 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 17:34:35.0390 5716 Wanarpv6 - ok 17:34:35.0515 5716 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 17:34:35.0517 5716 Wd - ok 17:34:35.0649 5716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:34:35.0659 5716 Wdf01000 - ok 17:34:35.0839 5716 WINUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS 17:34:35.0841 5716 WINUSB - ok 17:34:35.0943 5716 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys 17:34:35.0945 5716 WmiAcpi - ok 17:34:36.0085 5716 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 17:34:36.0086 5716 WpdUsb - ok 17:34:36.0203 5716 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 17:34:36.0204 5716 ws2ifsl - ok 17:34:36.0251 5716 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:34:36.0253 5716 WUDFRd - ok 17:34:36.0292 5716 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 17:34:36.0311 5716 \Device\Harddisk0\DR0 - ok 17:34:36.0315 5716 Boot (0x1200) (e8f839df69be399c11be055b4ac83e9c) \Device\Harddisk0\DR0\Partition0 17:34:36.0316 5716 \Device\Harddisk0\DR0\Partition0 - ok 17:34:36.0340 5716 Boot (0x1200) (e93722ad2fe4ce0a1593a8ef9cee3656) \Device\Harddisk0\DR0\Partition1 17:34:36.0341 5716 \Device\Harddisk0\DR0\Partition1 - ok 17:34:36.0342 5716 ============================================================ 17:34:36.0342 5716 Scan finished 17:34:36.0342 5716 ============================================================ 17:34:36.0353 5704 Detected object count: 0 17:34:36.0353 5704 Actual detected object count: 0 17:35:05.0979 3524 Deinitialize success Und hier die von asw: aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-11-09 17:36:12 ----------------------------- 17:36:12.554 OS Version: Windows x64 6.0.6002 Service Pack 2 17:36:12.554 Number of processors: 2 586 0x1706 17:36:12.554 ComputerName: LT UserName: 17:36:13.784 Initialize success 17:42:17.023 AVAST engine defs: 11110900 17:43:48.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:43:49.000 Disk 0 Vendor: TOSHIBA_ FG01 Size: 381554MB BusType: 3 17:43:49.041 Disk 0 MBR read successfully 17:43:49.046 Disk 0 MBR scan 17:43:49.054 Disk 0 Windows VISTA default MBR code 17:43:49.060 Service scanning 17:43:50.549 Modules scanning 17:43:50.553 Disk 0 trace - called modules: 17:43:50.573 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll 17:43:50.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082b9060] 17:43:50.581 3 CLASSPNP.SYS[fffffa6000dd0c33] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007efc1c0] 17:43:50.584 5 thpdrv.sys[fffffa60011d1c8d] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006480050] 17:43:51.439 AVAST engine scan C:\Windows 17:43:54.772 AVAST engine scan C:\Windows\system32 17:45:59.101 AVAST engine scan C:\Windows\system32\drivers 17:46:13.068 AVAST engine scan C:\Users\Michael 17:54:32.028 AVAST engine scan C:\ProgramData 17:58:31.162 Scan finished successfully 18:01:04.956 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat" 18:01:04.961 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt" |
|
09.11.2011, 19:32
| #44 |
| /// Malwareteam | Virus aus Russland Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
10.11.2011, 08:32
| #45 |
| | Virus aus Russland nm habe keine extra bekommen aber hier die OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.11.2011 01:10:59 - Run 5 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Michael\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,82 Gb Available Physical Memory | 64,04% Memory free 12,12 Gb Paging File | 9,68 Gb Available in Paging File | 79,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 11,47 Gb Free Space | 6,16% Space Free | Partition Type: NTFS Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS Computer Name: LT | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.) PRC - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation) ========== Modules (No Company Name) ========== MOD - c:\PROGRA~2\mcafee\msk\mskapbho.dll () MOD - C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (camsvc) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\Drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\Drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (arcvad_ds2dhw) -- C:\Windows\SysNative\drivers\ArcVad.sys (ArcSoft, Inc.) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (mod7700) -- C:\Windows\SysNative\Drivers\dvb7700all.sys (DiBcom) DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\DRIVERS\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\DRIVERS\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 19:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.11.09 16:44:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.29 00:22:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 23:52:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 19:18:33 | 000,000,000 | ---D | M] [2009.09.15 12:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions [2011.10.28 20:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions [2009.09.15 12:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.20 14:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.09.15 12:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.09 16:44:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2011.10.29 00:22:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.29 00:22:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.29 00:22:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.29 00:22:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.29 00:22:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.29 00:22:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.29 00:22:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.07 17:28:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [WMPNSCFG] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig:64bit - StartUpReg: NokiaPCInternetAccess - hkey= - key= - C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe (Nokia) MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA) MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) MsConfig:64bit - StartUpReg: TPCHWMsg - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: WrtMon.exe - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.09 17:35:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe [2011.11.09 17:32:18 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe [2011.11.07 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp [2011.11.07 17:28:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.11.02 00:14:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Uwovg ========== Files - Modified Within 30 Days ========== [2011.11.10 00:05:14 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.10 00:05:14 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.10 00:05:14 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.10 00:05:14 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.10 00:05:14 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.09 23:40:17 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 23:40:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 19:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.09 18:01:04 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat [2011.11.09 17:35:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe [2011.11.09 17:32:20 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe [2011.11.09 16:39:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job [2011.11.09 16:39:29 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys [2011.11.09 07:26:53 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2011.11.07 17:43:04 | 000,035,191 | ---- | M] () -- C:\Users\Michael\Desktop\ComboFix.zip [2011.11.07 17:28:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.11.07 17:08:50 | 004,285,527 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe [2011.10.31 17:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job [2011.10.16 16:37:17 | 000,013,606 | ---- | M] () -- C:\Users\Michael\Documents\Unbenannt.jpg [2011.10.13 08:37:48 | 000,344,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.11.09 18:01:04 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat [2011.11.07 17:43:04 | 000,035,191 | ---- | C] () -- C:\Users\Michael\Desktop\ComboFix.zip [2011.10.28 23:52:32 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.10.16 16:37:17 | 000,013,606 | ---- | C] () -- C:\Users\Michael\Documents\Unbenannt.jpg [2011.09.29 08:15:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.09.29 08:15:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.09.03 16:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.09.03 16:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.09.03 16:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.09.03 16:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.09.03 16:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.09.20 19:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat [2010.06.10 09:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.04.28 23:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.04.12 17:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.07 14:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.09.22 20:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png [2009.09.17 07:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2009.09.15 13:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.15 13:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.09.15 13:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.15 12:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.15 12:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.05 10:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2009.09.05 10:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.06.05 08:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.09.02 01:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2010.03.15 16:43:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite [2011.04.04 18:31:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Pro [2009.11.09 13:28:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DassaultSystemes [2011.10.02 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2011.07.20 14:48:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.01 09:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lufec [2009.11.17 22:05:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\myphotobook [2011.03.13 21:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia [2011.03.13 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite [2011.03.13 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite [2009.09.22 20:12:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking [2010.05.12 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TOSHIBA [2010.12.15 14:22:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TrafficMonitor [2011.06.09 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client [2011.11.06 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uwovg [2011.01.03 10:52:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Web Page Maker [2011.03.15 00:59:59 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2011.04.01 00:33:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2011.11.09 07:26:54 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.07 17:28:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.06.05 10:19:58 | 000,000,000 | ---D | M] -- C:\1033 [2009.09.17 08:21:46 | 000,000,000 | ---D | M] -- C:\Boot [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.09.05 10:47:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.02.16 16:59:11 | 000,000,000 | ---D | M] -- C:\Games [2009.06.05 09:22:13 | 000,000,000 | ---D | M] -- C:\Intel [2009.06.05 10:20:05 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.02 06:25:55 | 000,000,000 | ---D | M] -- C:\ProcAlyzer Dumps [2011.08.28 10:27:15 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.16 08:27:05 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.09.03 16:25:14 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.09.05 10:47:02 | 000,000,000 | -HSD | M] -- C:\Programme [2011.11.07 17:36:13 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.11.10 01:14:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.09.05 10:58:35 | 000,000,000 | ---D | M] -- C:\Toshiba [2009.11.20 09:19:51 | 000,000,000 | R--D | M] -- C:\Users [2011.11.09 16:40:23 | 000,000,000 | ---D | M] -- C:\Windows [2009.06.05 10:18:08 | 000,000,000 | ---D | M] -- C:\Works [2011.09.02 10:31:36 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe [2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > |
|
| Themen zu Virus aus Russland |
| ahnung, bild, datei, dll, fenster, genannt, infiziert, installation, komische, lahm, laptop, natürlich, problem, programme, programmen, richtig, rundll, rundll32.exe, system, total, verdammt, verschiedene, versucht, virus, windows |
Textbox.
Linear-Darstellung
